CVE-2026-9249

Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and earlier...

PT-2026-21798

Name of the Vulnerable Software and Affected Versions EventSentry versions prior to 6.0.1.20 Description EventSentry has a flaw where passwords can be changed without verifying the current password through the account management functionality within the Web Reports interface. An attacker gaining...

EUVD-2026-6121

A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password change. The attack can be initiated remotely. T...

CVE-2026-2543

A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password change. The attack can be initiated remotely. T...

CVE-2025-59808

An unverified password change vulnerability CWE-620 vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5....

EUVD-2023-2672

Malicious code in bioql PyPI...

EUVD-2023-54245

Malicious code in bioql PyPI...

CVE-2024-48887

A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request...

CVE-2025-1107 Unverified password change vulnerability in Janto

Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoi...

PT-2023-8254 · Poly · Edge E220 +36

Name of the Vulnerable Software and Affected Versions: Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX...

Default credentials

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0...

PT-2023-32375 · Pimcore · Pimcore Admin Classic Bundle

Name of the Vulnerable Software and Affected Versions: pimcore/admin-ui-classic-bundle versions prior to 1.2.0 Description: The issue concerns an unverified password change in the GitHub repository pimcore/admin-ui-classic-bundle. This allows an attacker to set an old password as a new password,...

CVE-2018-8916

Unverified password change vulnerability in Change Password in Synology DiskStation Manager DSM before 6.2-23739 allows remote authenticated users to reset password without verification...