194 matches found
CVE-2026-54103 U.S. GAO EPDS and CBCA EDS unauthenticated password change
The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...
PT-2026-41301
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...
EUVD-2025-209884
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...
CVE-2025-67437
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...
CVE-2026-34408
An issue was discovered in Gambio 4.9.2.0 patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0. The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known...
CVE-2026-28514
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows a...
CVE-2026-28514 Rocket.Chat: Users can login with any password via the EE ddp-streamer-service
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows a...
CVE-2025-70997
CVE-2025-70997 affects eladmin versions 2.7 and earlier. The connected sources describe a vulnerability that allows an arbitrary user password reset under any user permission level, implying a weakness in authentication/authorization that enables password resets without sufficient privileges. The...
ELADMIN 安全漏洞
ELADMIN is a backend management system developed by elunez’s individual developer. Versions of ELADMIN 2.7 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a vulnerability allowing arbitrary user password resets, which could lead to password resets at any user...
CVE-2025-13615
CVE-2025-13615 concerns the WordPress StreamTube Core plugin (versions up to 4.78). The issue arises from user-controlled access to objects, allowing unauthenticated attackers to bypass authorization and perform arbitrary password changes on user accounts, potentially taking over administrator ac...
WordPress plugin StreamTube Core 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary user password change vulnerability exists in the WordPress StreamTube Core plugin that originates from providing user-controlled access to objects, allowing a user ...
EUVD-2015-8155
Malware in sbrugna...
EUVD-2009-4370
Malware in sbrugna...
EUVD-2015-4708
Malware in sbrugna...
EUVD-2015-8448
Malware in sbrugna...
EUVD-2012-1134
Malware in sbrugna...
EUVD-2017-17076
Malware in sbrugna...
EUVD-2019-2240
Malware in sbrugna...
EUVD-2017-15586
Malware in sbrugna...
EUVD-2022-4787
Malicious code in bioql PyPI...