37 matches found

CNNVD
added 2026/05/28 12:00 a.m., 9 views

phpMyFAQ security vulnerability

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.3 contained security vulnerabilities. These vulnerabilities stemmed from the unvalidated password reset API endpoint, allowing attackers to change account passwords without...

CVSS 8.8 · AI score 5.8 · EPSS 0.00241
Exploits 0 · References 2
NVD
added 2026/04/24 3:16 a.m., 3 views

CVE-2026-33318

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...

CVSS 8.8 · EPSS 0.00472
Exploits 1 · References 2
ATTACKERKB
added 2026/01/26 5:39 p.m., 4 views

CVE-2026-24428

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an...

CVSS 8.7 · AI score 5.9 · EPSS 0.0029
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-16391

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.00927
Exploits 1 · References 5
EUVD
added 2025/10/03 8:07 p.m., 7 views

EUVD-2025-5044

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00785
Exploits 1 · References 2
Positive Technologies
added 2025/08/07 12:00 a.m., 6 views

PT-2025-32330 · Burk Technology · Arc Solo

Name of the Vulnerable Software and Affected Versions: Burk Technology ARC Solo affected versions not specified Description: The password change mechanism in Burk Technology ARC Solo does not require proper authentication, potentially allowing an attacker to take over the device. A password chang...

CVSS 9.8 · AI score 6.6 · EPSS 0.00873
Exploits 0 · References 11
RedhatCVE
added 2025/05/22 6:14 a.m., 9 views

CVE-2012-1562

Joomla! core before 2.5.3 allows unauthorized password change...

CVSS 7.5 · AI score 7.1 · EPSS 0.0089
Exploits 0 · References 1
Packet Storm
added 2025/05/06 12:00 a.m., 81 views

Casdoor 1.901.0 Cross Site Request Forgery

Casdoor version 1.901.0 suffers from a cross site request forgery vulnerability. Exploit Title: Casdoor 1.901.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: 1.901.0 Date: 03/07/2024 Exploit Author: Van Lam Nguyen Vendor Homepage: https://casdoor.org/ Software Link:...

AI score 7
Exploits 0
GithubExploit
added 2025/04/09 5:27 p.m., 428 views

Exploit for Unverified Password Change in Fortinet Fortiswitch

CVE-2024-48887-FortiSwitch-Exploit 🚨 FortiSwitch CVE-2024-4888...

CVSS 9.8 · AI score 9.7 · EPSS 0.11374
Exploits 1
Cvelist
added 2025/03/07 8:21 a.m., 17 views

CVE-2024-12876 Golo - Directory & Listing, Travel WordPress Theme <= 1.6.10 - Missing Authorization to Privilege Escalation via Unauthenticated Arbitrary User Password Change

The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible fo...

CVSS 9.8 · EPSS 0.00417
Exploits 0 · References 2
RedhatCVE
added 2025/02/12 12:34 a.m., 13 views

CVE-2024-46430

Tenda W18E V16.01.0.81625 is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassi...

CVSS 6.5 · AI score 7.5 · EPSS 0.00785
Exploits 1 · References 1
Vulnrichment
added 2025/02/10 12:00 a.m., 9 views

CVE-2024-46430

Tenda W18E V16.01.0.81625 is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassi...

AI score 6.8 · EPSS 0.00785
Exploits 1 · References 1
CNNVD
added 2025/01/08 12:00 a.m., 4 views

WordPress plugin AdForest authorization vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization...

CVSS 9.8 · AI score 8.8 · EPSS 0.00672
Exploits 0 · References 3
Packet Storm
added 2024/08/31 12:00 a.m., 169 views

Cisco Secure ACS Unauthorized Password Change

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Secure ACS Unauthorized Password Change', 'Description' = %q This module exploits an authentication bypass issue which allows arbitrary...

CVSS 5 · AI score 7 · EPSS 0.1464
Exploits 2
Positive Technologies
added 2024/05/06 12:00 a.m., 6 views

PT-2024-25465 · Unknown · Section Camera

Name of the Vulnerable Software and Affected Versions: Section Camera versions 2.5.5.3116-S50-SMA-B20160811 and earlier Description: The issue allows the accounts and passwords of administrators and users to be changed without authorization. Recommendations: For Section Camera versions...

CVSS 8.2 · AI score 6.8 · EPSS 0.00376
Exploits 0 · References 5
NVD
added 2024/03/01 2:15 p.m., 18 views

CVE-2024-24903

Dell Secure Connect Gateway SCG Policy Manager, version 5.10+, contains a weak password recovery mechanism for forgotten passwords. An adjacent-network, low-privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the...

CVSS 8 · AI score 7.8 · EPSS 0.00367
Exploits 0 · References 1
Vulnrichment
added 2024/02/03 12:00 a.m., 7 views

CVE-2023-43183

Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account...

AI score 8.8 · EPSS 0.01178
Exploits 3 · References 2
IBM Security Bulletins
added 2023/03/21 7:36 a.m., 77 views

Security Bulletin: IBM Aspera Faspex 5.0.4 can be vulnerable to improperly unauthorized password changes

Summary IBM Aspera Faspex could allow an unauthenticated user to change another user's credentials. The unauthenticated user can get a token that then lets them change another user's password. This issue has been resolved. Vulnerability Details CVEID:CVE-2023-27875 DESCRIPTION: IBM Aspera Faspex...

CVSS 7.5 · AI score 7.5 · EPSS 0.00559
Exploits 0 · Affected Software 7
OSV
added 2022/09/06 11:15 p.m., 4 views

CVE-2022-1368

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an...

CVSS 9.8 · AI score 5.8 · EPSS 0.00778
Exploits 0 · References 1
OSV
added 2021/05/26 8:15 p.m., 1 view

CVE-2021-22731

Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM and MCSESP V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker...

CVSS 9.8 · AI score 7.4
Exploits 0 · References 1