CVE-2026-24428
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an...
CVE-2023-53969 Screen SFT DAB 600/C Firmware 1.9.3 Authentication Bypass Password Change
Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords...
CVE-2023-53968 Screen SFT DAB 600/C Firmware 1.9.3 Authentication Bypass Erase Account
Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts...
CVE-2023-53969
CVE-2023-53969 affects Screen SFT DAB 600/C firmware 1.9.3. The vulnerability is a session management flaw: IP-address binding allows an attacker to bypass authentication and issue password changes via the userManager API. Impact ranges from high (CVSS 3.1) to critical (CVSS 4.0) with potential cre...
CVE-2023-53775
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials...
EUVD-2023-60184
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials...
CVE-2023-7328 Screen SFT DAB 600/C <= 1.9.3 Unauthenticated Information Disclosure
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control flaw in the user management API that allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values...
PT-2025-43759
Name of the Vulnerable Software and Affected Versions: ajayrandhawa User-Management-PHP-MYSQL versions prior to fedcf58797bf2791591606f7b61fdad99ad8bff1. Description: A flaw exists within the User Management Interface component of the software, specifically concerning file uploads. Manipulation of t...
CVE-2025-55194
Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server Error when attempting to view or edit that...
CVE-2025-55194 Part-DB Persistent Denial of Service via Uncaught Exception from Misleading File Extension in Avatar Upload
Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server Error when attempting to view or edit that...
Part-DB Security Vulnerability
Part-DB is a web-based database for managing electronic components from Part-DB Open Source. A security vulnerability exists in Part-DB versions prior to 1.17.3, which stems from the fact that authenticated users can upload files with misleading extensions, potentially leading to a denial of...
Red Hat Keycloak Code Execution Vulnerability (CNVD-2020-35005)
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in the user management access interface of Red Hat Keycloak. The vulnerability can be exploited by an attacker ...
NetApp OnCommand System Manager - zapiServlet User Management Interface Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/59688/info NetApp OnCommand System Manager is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails ...
ArGoSoft 1.8.x - Authentication Bypass
source: https://www.securityfocus.com/bid/7608/info A vulnerability has been reported for ArGoSoft Mail Server FreeWare version. The problem occurs due to the FreeWare version of ArGoSoft failing to carry out sufficient authentication before granting access to the user management interface. As a...