91 matches found
EUVD-2018-11788
Malware in sbrugna...
EUVD-2019-3013
Malware in sbrugna...
EUVD-2021-2414
Malware in sbrugna...
EUVD-2018-2011
Malware in sbrugna...
EUVD-2021-12807
Malware in sbrugna...
EUVD-2020-7920
Malware in sbrugna...
EUVD-2023-40112
Malicious code in bioql PyPI...
EUVD-2024-0825
Malicious code in bioql PyPI...
EUVD-2023-50665
Malicious code in bioql PyPI...
EUVD-2025-14949
Malicious code in bioql PyPI...
EUVD-2022-2228
Malicious code in bioql PyPI...
EUVD-2024-2144
Malicious code in bioql PyPI...
CVE-2024-12827
CVE-2024-12827 affects the DWT - Directory & Listing WordPress Theme up to version 3.3.6. The root cause is an insufficient check for an empty token value in dwt_listing_reset_password(), enabling unauthenticated attackers to reset arbitrary user passwords (including admins) and take over account...
CVE-2025-22144
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when t...
CVE-2023-39655
A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thu...
CVE-2023-36133
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change...
CVE-2021-41275
spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that allows user account...
CVE-2020-35129
Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on...
CVE-2020-15949
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover...
CVE-2019-15585
Improper authentication exists in 12.3.2, 12.2.6, and 12.1.12 for GitLab Community Edition CE and Enterprise Edition EE in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account...