38 matches found
CVE-2026-54103
CVE-2026-54103 affects GAO EPDS and CBCA EDS, where the /update-profile/N endpoint does not require authentication for password changes. The vulnerability allows a remote attacker to change an arbitrary user’s password without credentials. This result is supported by the CVSS data indicating high...
CVE-2026-0647 Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities
An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication...
CVE-2017-20220 Serviio PRO 1.8 Unauthenticated Password Change via REST API
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...
CVE-2025-59102 Secrets Stored in Plaintext in Database in dormakaba access manager
The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...
CVE-2025-14998
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...
IBM Aspera Orchestrator Unverified Password Change Vulnerability
IBM Aspera Orchestrator is an automated workflow engine focused on managing file transfers and processing tasks. An unauthenticated password change vulnerability exists in IBM Aspera Orchestrator, which can be exploited by an attacker to make unauthorized changes to other users' passwords...
CVE-2025-13615
The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
D-Link DIR-820L Access Control Error Vulnerability
The D-Link DIR-820L is a wireless router device from D-Link. An improper access control vulnerability exists in the D-Link DIR-820L version 1.06B02, which stems from the administrator password setup function not properly validating the authentication mechanism. An attacker can exploit this...
D-Link DIR-820L 安全漏洞
The D-Link DIR-820L is a wireless router device from D-Link. An improper access control vulnerability exists in the D-Link DIR-820L version 1.06B02, which stems from the administrator password setup function not properly validating the authentication mechanism. An attacker can exploit this...
EUVD-2025-31019
Malicious code in bioql PyPI...
CVE-2025-26515
StorageGRID formerly StorageGRID Webscale versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an unauthenticated attacker to change the password of any Grid Manager or Tenant...
CVE-2025-26515 CVE-2025-26515 Server-Side Request Forgery Vulnerability in StorageGRID (formerly StorageGRID Webscale)
StorageGRID formerly StorageGRID Webscale versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an unauthenticated attacker to change the password of any Grid Manager or Tenant...
CVE-2025-9114
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...
WordPress Doccure plugin <= 1.4.8 - Unauthenticated Arbitrary User Password Change vulnerability
Unauthenticated Arbitrary User Password Change vulnerability discovered by István Márton in WordPress Theme Doccure versions = 1.4.8...
CVE-2025-9114 Doccure <= 1.5.0 - Unauthenticated Arbitrary User Password Change
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...
PT-2025-36495
Name of the Vulnerable Software and Affected Versions: Doccure versions prior to 1.4.9 Description: The Doccure theme for WordPress is susceptible to unauthorized modification of user passwords. This occurs because the plugin allows user-controlled access to objects, enabling bypass of...
CVE-2025-5095
Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device's HTTP endpoint without providing valid credentials. The system does not enforc...
UTT Progressive 750W Unauthenticated Password Change Vulnerability
The UTT Progress 750W is an enterprise-grade dual-band wireless router from Atech Technology UTT, which is aimed at SMB network environments. The UTT Progress 750W suffers from an unauthenticated password change vulnerability, which originates from an unauthenticated password change due to...
UTT 750W 安全漏洞
The UTT Progress 750W is an enterprise-grade dual-band wireless router from Atech Technology UTT, which is aimed at SMB network environments. The UTT Progress 750W suffers from an unauthenticated password change vulnerability, which originates from an unauthenticated password change due to...
ContiNew Admin 安全漏洞
ContiNew Admin is ContiNew open source a continuous iterative optimization of front-end and back-end separation of the middle and back-end management system framework. A security vulnerability exists in ContiNew Admin 3.6.0 and earlier versions, which stems from an unauthenticated password change...