37 matches found
phpMyFAQ 安全漏洞
phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.3 contained security vulnerabilities. These vulnerabilities stemmed from the unvalidated password reset API endpoint, allowing attackers to change account passwords without...
CVE-2026-33318
Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...
CVE-2026-24428
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an...
EUVD-2020-16391
Malware in sbrugna...
EUVD-2025-5044
Malicious code in bioql PyPI...
PT-2025-32330 · Burk Technology · Arc Solo
Name of the Vulnerable Software and Affected Versions: Burk Technology ARC Solo affected versions not specified Description: The password change mechanism in Burk Technology ARC Solo does not require proper authentication, potentially allowing an attacker to take over the device. A password chang...
CVE-2012-1562
Joomla! core before 2.5.3 allows unauthorized password change...
📄 Casdoor 1.901.0 Cross Site Request Forgery
Casdoor version 1.901.0 suffers from a cross site request forgery vulnerability. Exploit Title: Casdoor 1.901.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: 1.901.0 Date: 03/07/2024 Exploit Author: Van Lam Nguyen Vendor Homepage: https://casdoor.org/ Software Link:...
Exploit for Unverified Password Change in Fortinet Fortiswitch
CVE-2024-48887-FortiSwitch-Exploit 🚨 FortiSwitch CVE-2024-4888...
CVE-2024-12876 Golo - Directory & Listing, Travel WordPress Theme <= 1.6.10 - Missing Authorization to Privilege Escalation via Unauthenticated Arbitrary User Password Change
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible fo...
CVE-2024-46430
Tenda W18E V16.01.0.81625 is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassi...
CVE-2024-46430
Tenda W18E V16.01.0.81625 is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassi...
WordPress plugin AdForest 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization...
Cisco Secure ACS Unauthorized Password Change
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Secure ACS Unauthorized Password Change', 'Description' = %q This module exploits an authentication bypass issue which allows arbitrary...
PT-2024-25465 · Unknown · Section Camera
Name of the Vulnerable Software and Affected Versions: Section Camera versions 2.5.5.3116-S50-SMA-B20160811 and earlier Description: The issue allows the accounts and passwords of administrators and users to be changed without authorization. Recommendations: For Section Camera versions...
CVE-2024-24903
Dell Secure Connect Gateway SCG Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the...
CVE-2023-43183
Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account...
Security Bulletin: IBM Aspera Faspex 5.0.4 can be vulnerable to improperly unauthorized password changes
Summary IBM Aspera Faspex could allow an unauthenticated user to change another user's credentials. The unauthenticated user can get a token that then lets them change another user's password. This issue has been resolved. Vulnerability Details CVEID:CVE-2023-27875 DESCRIPTION: IBM Aspera Faspex...
CVE-2022-1368
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an...
CVE-2021-22731
Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM and MCSESP V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker...