269 matches found
CVE-2023-51982
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...
CVE-2023-26460
Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity...
CVE-2020-14122
Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage...
CVE-2025-47779
Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE RFC 3428 authentication do not get proper alignment. An authenticated attacker...
CVE-2020-14245
HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources...
CVE-2025-3810
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the editprofiledata functio...
CVE-2025-3605
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the...
CVE-2025-3605 Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account Takeover
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the...
CVE-2025-3810
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the editprofiledata functio...
CVE-2025-3811
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email through the editnewdatacustomercallback function...
CVE-2025-3852
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email & password through the update function. This makes i...
CVE-2025-3610
The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for authenticat...
Large Language Model-Driven Security Assistant for Internet of Things Via Chain-Of-Thought
The rapid development of Internet of Things IoT technology has transformed people's way of life and has a profound impact on both production and daily activities. However, with the rapid advancement of IoT technology, the security of IoT devices has become an unavoidable issue in both research an...
CVE-2025-3610
CVE-2025-3610 — Reales WP STPT (WordPress) is a privilege-escalation vulnerability in all versions up to 2.1.2 caused by improper validation of a user’s identity before updating their details (e.g., password). An authenticated attacker with subscriber-level access or higher can change arbitrary u...
PT-2025-19824 · WordPress · Reales Wp Stpt
Name of the Vulnerable Software and Affected Versions: Reales WP STPT plugin for WordPress versions up to and including 2.1.2 Description: The issue arises from the plugin's failure to properly validate a user's identity before updating their details, such as the password. This allows authenticat...
PT-2025-18742 · WordPress · Otp-Less One Tap Sign In Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: OTP-less one tap Sign in plugin for WordPress versions 2.0.14 through 2.0.59 Description: The issue is due to the plugin not properly validating a user's identity prior to updating their details, like email. This makes it possible for...
CVE-2025-3603
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for...
CVE-2025-3604
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for unauthenticated...
CVE-2025-3607
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.8. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for...
PT-2025-17717
Name of the Vulnerable Software and Affected Versions Flynax Bridge plugin for WordPress versions up to, and including, 2.2.0 Description The issue is related to privilege escalation via account takeover due to the plugin not properly validating a user's identity prior to updating their details,...