11 matches found

RedhatCVE
added 2025/08/23 12:23 a.m. · 3 views

CVE-2025-52351

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL e.g., https://domain.com/activate=xyz. This practice can result in password exposure via...

CVSS 8.8 · AI score 7.2 · EPSS 0.00216
Exploits: 0 · References: 1
NVD
added 2025/08/21 6:15 p.m. · 3 views

CVE-2025-52351

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL e.g., https://domain.com/activate=xyz. This practice can result in password exposure via...

CVSS 8.8 · EPSS 0.00216
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/21 12:0 a.m. · 6 views

PT-2025-34264 · Unknown · Aikaan Iot Management Platform

Name of the Vulnerable Software and Affected Versions: Aikaan IoT management platform version 3.25.0325-5-g2e9c59796 Description: The Aikaan IoT management platform sends newly generated passwords to users in plaintext via email. The same password is also included as a query parameter in the...

CVSS 8.8 · AI score 7 · EPSS 0.00216
Exploits: 0 · References: 6
CVE
added 2025/08/21 12:0 a.m. · 13 views

CVE-2025-52351

CVE-2025-52351 affects Aikaan IoT management platform v3.25.0325-5-g2e9c59796. The vulnerability arises from sending a newly generated password to users in plaintext via email and including the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz...

CVSS 8.8 · AI score 6.6 · EPSS 0.00216
Exploits: 0 · References: 2
Schneier on Security
added 2025/01/17 12:5 p.m. · 7 views

Social Engineering to Disable iMessage Protections

I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some...

AI score 6.8
Exploits: 0
Cvelist
added 2024/08/12 11:33 a.m. · 22 views

CVE-2024-42165 Arbitrary User Activation

Insufficiently random values for generating activation token in FIWARE Keyrock = 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link...

CVSS 6.3 · EPSS 0.00359
Exploits: 1 · References: 1
NVD
added 2021/11/04 4:15 p.m. · 14 views

CVE-2021-40128

A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameter...

CVSS 5.3 · EPSS 0.00955
Exploits: 0 · References: 1
Positive Technologies
added 2021/11/03 12:0 a.m. · 5 views

PT-2021-5336 · Cisco · Cisco Webex Meetings

Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings affected versions not specified Description: A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation...

CVSS 5.3 · AI score 5.2 · EPSS 0.00955
Exploits: 0 · References: 4
CNNVD
added 2021/05/28 12:0 a.m. · 5 views

xwiki-platform authorization issue vulnerability

Thomas Mortagne xwiki-platform is an open source application by Thomas Mortagne. A general-purpose wiki platform that provides runtime services for applications built on it. xwiki-platform suffers from an authorization issue vulnerability that stems from the fact that a user who registers using...

CVSS 8.8 · AI score 7.8 · EPSS 0.01132
Exploits: 0 · References: 3
Hacker One
added 2017/04/24 10:33 a.m. · 21 views

Weblate: CSRF - Changing the full name / adding a secondary email identity of an account via a GET request

SUMMARY ---------- Hello, I have found a CSRF request via the activation email that will change the full name of the targeted account. This vulnerability exists if the attacker registers a new account and then gives his activation link to someone else. If the victim uses the received activation...

AI score 1.4
Exploits: 0
securityvulns
added 2008/02/22 12:0 a.m. · 45 views

Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PunBB Blind Password Recovery Vulnerability Release Date: 2008/02/20 Last Modified: 2008/02/20 Author: Stefan Esser stefan.esseratsektioneins.de Application: PunBB = 1.2.16 Severity...

AI score 7.2
Exploits: 0