CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an attacker to bypass the OTP reset password mechanism. By manipulating the reset process, an unauthorized user may be able to reset the password and gain access to the account without needing to provide ...

7AI score0.00076EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 7:3 a.m.•1 views

CVE-2024-11197

The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, t...

4.2CVSS6.7AI score0.00039EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 6:54 a.m.•2 views

CVE-2024-12603

A logic vulnerability in the the mobile application com.transsion.applock can lead to bypassing the application password...

9.8CVSS6.8AI score0.00078EPSS

Exploits0References1

RedhatCVE•added 2025/03/20 1:12 p.m.•6 views

CVE-2025-2489

Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json...

6.8CVSS6.7AI score0.0007EPSS

Exploits0References3

CVE•added 2025/03/18 11:26 a.m.•51 views

CVE-2025-2489

CVE-2025-2489 affects NTFS Tools 3.5.1 and involves insecure storage of sensitive information. The vulnerability stems from storing the application password in /Users/user/Library/Application Support/ntfs-tool/config.json, enabling an attacker with local access to read the password. Documented im...

6.8CVSS6.1AI score0.0007EPSS

Exploits0References1

Vulnrichment•added 2025/03/18 11:26 a.m.•12 views

CVE-2025-2489 Insecure storage of sensitive information in NTFS Tool

6.8CVSS6.1AI score0.0007EPSS

Exploits0References1

CVE•added 2024/12/13 2:54 a.m.•47 views

CVE-2024-12603

CVE-2024-12603 is a logic vulnerability in the mobile application com.transsion.applock (TECNO/Transsion). The issue allows bypassing the application password. Public records point to a logic flaw in the app that can enable access without the correct password. Available concrete details mention T...

9.8CVSS6.5AI score0.00078EPSS

Exploits0References2

NVD•added 2024/02/14 5:15 p.m.•10 views

CVE-2023-6409

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert...

7.7CVSS7.6AI score0.00057EPSS

Exploits0References1

CVE•added 2024/02/14 4:47 p.m.•41 views

CVE-2023-6409

CVE-2023-6409 is tied to Schneider Electric EcoStruxure Control Expert (and related Modicon/M580/Process Expert components) and is documented as CWE-798: Use of Hard-coded Credentials. The vulnerability enables unauthorized access to a project file protected by an application password when opened...

7.7CVSS7.5AI score0.00057EPSS

Exploits0References1Affected Software2

Tenable Nessus•added 2023/10/18 12:0 a.m.•18 views

WordPress 5.9.x < 5.9.8 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting XSS vulnerability in the post link navigation block. - An issue...

6.6AI score

Exploits0References2

Tenable Nessus•added 2023/10/18 12:0 a.m.•21 views

WordPress 5.6.x < 5.6.12 Multiple Vulnerabilities

6.6AI score

Exploits0References2

Tenable Nessus•added 2023/10/18 12:0 a.m.•83 views

WordPress 5.7.x < 5.7.10 Multiple Vulnerabilities

6.6AI score

Exploits0References2

Tenable Nessus•added 2023/10/18 12:0 a.m.•96 views

WordPress 5.2.x < 5.2.19 Multiple Vulnerabilities