Lucene search
K

43 matches found

Cvelist
Cvelist
added 2026/06/18 4:12 p.m.36 views

CVE-2026-54103 U.S. GAO EPDS and CBCA EDS unauthenticated password change

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

9.8CVSS0.00427EPSS
Exploits0References4
CVE
CVE
added 2025/11/30 1:53 a.m.44 views

CVE-2025-13615

CVE-2025-13615 concerns the WordPress StreamTube Core plugin (versions up to 4.78). The issue arises from user-controlled access to objects, allowing unauthenticated attackers to bypass authorization and perform arbitrary password changes on user accounts, potentially taking over administrator ac...

9.8CVSS5.9AI score0.00324EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-15586

Malware in sbrugna...

9.8CVSS9.5AI score0.01456EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-8448

Malware in sbrugna...

7.4CVSS6.4AI score0.01166EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-33578

Malicious code in bioql PyPI...

9.8CVSS9AI score0.0064EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-50168

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00581EPSS
Exploits0References3
CVE
CVE
added 2025/07/09 3:22 a.m.50 views

CVE-2025-4606

The CVE-2025-4606 entry concerns the Sala - Startup & SaaS WordPress Theme and its vulnerability to unauthenticated privilege escalation. Affected versions are all up to 1.1.4, where the theme fails to properly validate a user’s identity before updating details such as passwords. This allows an u...

9.8CVSS7.1AI score0.00561EPSS
In wildExploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/18 12:0 a.m.7 views

Nokri - Job Board Theme for WordPress < 1.6.3 Arbitrary Password Change

The WordPress DWT - Directory & Listing Theme installed on the remote host is affected by an unauthenticated Arbitrary Password Change. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

9.8CVSS9.4AI score0.02163EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/04 10:43 p.m.12 views

CVE-2024-8911

The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

9.8CVSS7.8AI score0.02823EPSS
Exploits0References1
NVD
NVD
added 2025/01/09 8:15 p.m.12 views

CVE-2024-10215

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

9.8CVSS0.0064EPSS
Exploits0References2
OSV
OSV
added 2024/10/17 2:15 a.m.4 views

CVE-2024-9862

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and t...

9.8CVSS5.8AI score0.00581EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.169 views

Cisco Secure ACS Unauthorized Password Change

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Secure ACS Unauthorized Password Change', 'Description' = %q This module exploits an authentication bypass issue which allows arbitrary...

5CVSS7AI score0.1464EPSS
Exploits2
NVD
NVD
added 2024/04/18 10:15 p.m.21 views

CVE-2024-22179

The application is vulnerable to an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. Also vulnerable to account takeover and arbitrary password change...

8.7CVSS7.9AI score0.00391EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2023/10/02 12:0 a.m.284 views

Electrolink FM/DAB/TV Transmitter Remote Authentication Removal

!/usr/bin/env python Electrolink FM/DAB/TV Transmitter Remote Authentication Removal Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/12/12 12:0 a.m.6 views

PT-2022-24882 · WordPress · Directorist

Name of the Vulnerable Software and Affected Versions: Directorist WordPress plugin versions prior to 7.4.2.2 Description: The issue allows an attacker to exploit an IDOR vulnerability, enabling them to change the password of arbitrary users instead of their own. Recommendations: For Directorist...

6.7CVSS7.5AI score0.00696EPSS
Exploits2References8
Mageia
Mageia
added 2022/08/25 9:21 p.m.56 views

Updated ldb/samba/sssd packages fix security vulnerability

Fixed AD restrictions bypass associated with changing passwords bsc1201495. CVE-2022-2031 Fixed a memory leak in SMB1 bsc1201496. CVE-2022-32742 Fixed an arbitrary password change request for any AD user bsc1201493. CVE-2022-32744 Fixed a remote server crash with an LDAP add or modify request...

8.8CVSS2.4AI score0.01064EPSS
Exploits0References10
OpenVAS
OpenVAS
added 2022/08/04 12:0 a.m.32 views

SUSE: Security Advisory (SUSE-SU-2022:2659-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.3AI score0.01064EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/08/04 12:0 a.m.20 views

openSUSE: Security Advisory for ldb, (SUSE-SU-2022:2659-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS7.1AI score0.01064EPSS
Exploits0References2
OSV
OSV
added 2022/08/03 7:5 p.m.6 views

SUSE-SU-2022:2659-1 Security update for ldb, samba

This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging bsc1201490. - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request bsc1201492. - CVE-2022-2031: Fixed AD restrictions bypass associated wit...

8.8CVSS6AI score0.01064EPSS
Exploits0References17
OpenVAS
OpenVAS
added 2022/08/01 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2022:2586-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.3AI score0.01064EPSS
Exploits0References2
Rows per page
Query Builder