EUVD-2025-209152
XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication...
CVE-2025-71279 XenForo Passkey Security Bypass
XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication...
EUVD-2025-209061
HCL Aftermarket DPC is affected by a Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts...
CVE-2025-55043
MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality csettings.cfc createBundle method that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...
CVE-2025-66595
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cross-Site Request Forgery (CSRF). When a user accesses a link crafted by an attacker, the user's account could be compromised. The affected products and versions are as follows:...
CVE-2020-36948 VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative...
Grav is vulnerable to Arbitrary File Read
Summary - A low-privilege user account with page editing privilege can read any server files using the "Frontmatter" form. - This includes Grav user account files - /grav/user/accounts/.yaml. This file stores the hashed user password, 2FA secret, and the password reset token. - This can allow an adversar...
CVE-2025-65276
An unauthenticated administrative access vulnerability exists in the open-source HashTech project https://github.com/henzljw/hashtech 1.0 through commit 5919decaff2681dc250e934814fc3a35f6093ee5 2021-07-02. Due to missing authentication checks on /adminindex.php, an attacker can directly access the...
CVE-2023-0624
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...
FlaskBlog Security Vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog version 2.6.1, which stems from improper access control and could lead to arbitrary deletion of user accounts...
CVE-2025-30257
Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account...
Section Camera Security Vulnerability
Section Camera is a series of cameras from Section. A security vulnerability exists in Section Camera version V2.5.5.3116-S50-SMA-B20160811 and prior versions, which stems from a vulnerability that allows unauthorized changes to administrator and user accounts and passwords...
NetApp StorageGRID Cross-Site Scripting Vulnerability
NetApp StorageGRID is a suite of object storage solutions from Network Appliance (NetApp). A security vulnerability exists in NetApp StorageGRID versions prior to 11.8. An attacker could exploit the vulnerability to view or modify configuration settings or add/modify user accounts...
Vulnerability fixed in Zimbra
Zimbra has fixed a vulnerability in Zimbra Collaboration. An unauthenticated malicious person could exploit the vulnerability to gain access to a user account and thus potentially gain access to sensitive data in the context of that account. To the best of our knowledge, no user interaction is...
Hewlett Packard Enterprise OneView Security Vulnerability
Hewlett Packard Enterprise OneView is software from Hewlett Packard Enterprise that facilitates automated device management for IT departments. A security vulnerability exists in Hewlett Packard Enterprise OneView versions prior to 8.2 that stems from a device dump that could expose OneView use...
Zyxel CloudCNM SecuManager SQL Injection Vulnerability
Zyxel CloudCNM SecuManager is a set of network management software from Taiwan, China-based Zyxel. The software supports centralized control, device management and intelligent monitoring. A SQL injection vulnerability exists in Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1. An attacker can...
StarWind SAN & NAS Authorization Vulnerability
StarWind SAN & NAS is a standalone hypervisor server or group of servers from StarWind. A security vulnerability exists in StarWind SAN & NAS that could be exploited by an attacker to reset the passwords of other users...
Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2020-45188)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Windows Kernel is one of the Windows system kernels. An information disclosure vulnerabili...
CVE-2019-18380
Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication...
Login Bypass Vulnerability in Yunye CMS
Yunye CMS is an enterprise website building system developed by Luoyang Yunye Information Technology Co. A login bypass vulnerability exists in Yunye CMS. An attacker can use the vulnerability to bypass the account password authentication and directly log into the user account...