Lucene search
K

38 matches found

CVE
CVE
added 2026/06/18 4:12 p.m.27 views

CVE-2026-54103

CVE-2026-54103 affects GAO EPDS and CBCA EDS, where the /update-profile/N endpoint does not require authentication for password changes. The vulnerability allows a remote attacker to change an arbitrary user’s password without credentials. This result is supported by the CVSS data indicating high...

9.8CVSS5.4AI score0.00427EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/16 2:20 p.m.37 views

CVE-2026-0647 Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities

An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication...

8.8CVSS0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/15 6:34 p.m.11 views

CVE-2017-20220 Serviio PRO 1.8 Unauthenticated Password Change via REST API

Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...

8.7CVSS5.8AI score0.00395EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/01/26 10:5 a.m.4 views

CVE-2025-59102 Secrets Stored in Plaintext in Database in dormakaba access manager

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

6.9CVSS5.9AI score0.00275EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/03 2:22 a.m.9 views

CVE-2025-14998

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS6.8AI score0.00541EPSS
Exploits1References1
CNVD
CNVD
added 2025/12/18 12:0 a.m.2 views

IBM Aspera Orchestrator Unverified Password Change Vulnerability

IBM Aspera Orchestrator is an automated workflow engine focused on managing file transfers and processing tasks. An unauthenticated password change vulnerability exists in IBM Aspera Orchestrator, which can be exploited by an attacker to make unauthorized changes to other users' passwords...

8.1CVSS7AI score0.00242EPSS
Exploits0References1
NVD
NVD
added 2025/11/30 2:15 a.m.12 views

CVE-2025-13615

The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

9.8CVSS0.00324EPSS
Exploits1References2
CNVD
CNVD
added 2025/10/22 12:0 a.m.4 views

D-Link DIR-820L Access Control Error Vulnerability

The D-Link DIR-820L is a wireless router device from D-Link. An improper access control vulnerability exists in the D-Link DIR-820L version 1.06B02, which stems from the administrator password setup function not properly validating the authentication mechanism. An attacker can exploit this...

8.8CVSS7.4AI score0.00493EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/10/21 12:0 a.m.11 views

D-Link DIR-820L 安全漏洞

The D-Link DIR-820L is a wireless router device from D-Link. An improper access control vulnerability exists in the D-Link DIR-820L version 1.06B02, which stems from the administrator password setup function not properly validating the authentication mechanism. An attacker can exploit this...

8.8CVSS7.3AI score0.00493EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31019

Malicious code in bioql PyPI...

6.6AI score0.06291EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/21 7:24 p.m.15 views

CVE-2025-26515

StorageGRID formerly StorageGRID Webscale versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an unauthenticated attacker to change the password of any Grid Manager or Tenant...

7.5CVSS7AI score0.00317EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/19 6:34 p.m.9 views

CVE-2025-26515 CVE-2025-26515 Server-Side Request Forgery Vulnerability in StorageGRID (formerly StorageGRID Webscale)

StorageGRID formerly StorageGRID Webscale versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an unauthenticated attacker to change the password of any Grid Manager or Tenant...

7.5CVSS0.00317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/10 7:18 p.m.7 views

CVE-2025-9114

The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...

9.8CVSS5.9AI score0.0037EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/08 10:27 p.m.9 views

WordPress Doccure plugin <= 1.4.8 - Unauthenticated Arbitrary User Password Change vulnerability

Unauthenticated Arbitrary User Password Change vulnerability discovered by István Márton in WordPress Theme Doccure versions = 1.4.8...

9.8CVSS7AI score0.0037EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/09/08 6:23 p.m.13 views

CVE-2025-9114 Doccure <= 1.5.0 - Unauthenticated Arbitrary User Password Change

The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...

9.8CVSS0.0037EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.6 views

PT-2025-36495

Name of the Vulnerable Software and Affected Versions: Doccure versions prior to 1.4.9 Description: The Doccure theme for WordPress is susceptible to unauthorized modification of user passwords. This occurs because the plugin allows user-controlled access to objects, enabling bypass of...

9.8CVSS6.3AI score0.0037EPSS
Exploits0References5
NVD
NVD
added 2025/08/08 6:15 p.m.4 views

CVE-2025-5095

Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device's HTTP endpoint without providing valid credentials. The system does not enforc...

9.8CVSS0.00928EPSS
Exploits0References2
CNVD
CNVD
added 2025/07/08 12:0 a.m.5 views

UTT Progressive 750W Unauthenticated Password Change Vulnerability

The UTT Progress 750W is an enterprise-grade dual-band wireless router from Atech Technology UTT, which is aimed at SMB network environments. The UTT Progress 750W suffers from an unauthenticated password change vulnerability, which originates from an unauthenticated password change due to...

9.8CVSS7.2AI score0.00577EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/06/15 12:0 a.m.4 views

UTT 750W 安全漏洞

The UTT Progress 750W is an enterprise-grade dual-band wireless router from Atech Technology UTT, which is aimed at SMB network environments. The UTT Progress 750W suffers from an unauthenticated password change vulnerability, which originates from an unauthenticated password change due to...

9.8CVSS6AI score0.00577EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/05/11 12:0 a.m.7 views

ContiNew Admin 安全漏洞

ContiNew Admin is ContiNew open source a continuous iterative optimization of front-end and back-end separation of the middle and back-end management system framework. A security vulnerability exists in ContiNew Admin 3.6.0 and earlier versions, which stems from an unauthenticated password change...

8.1CVSS5.5AI score0.0045EPSS
Exploits1References2
Rows per page
Query Builder