27 matches found
CVE-2026-46446
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...
SOGo SQL Injection Vulnerability
SOGo is a very fast and scalable modern collaboration suite, open-sourced by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Versions of SOGo prior to 5.12.7 had an SQL injection...
CVE-2026-5550
A vulnerability was identified in Tenda AC10 16.03.10.10multiTDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected...
EUVD-2023-28664
Malicious code in bioql PyPI...
CVE-2024-48827
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function...
CVE-2024-31759
An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function...
CVE-2023-24653
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function...
CVE-2023-34732
An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c allows attackers to execute brute force attacks to discover user passwords...
CVE-2024-48827
Summary: CVE-2024-48827 affects sbondCo Watcharr v1.43.0 and older. Multiple sources (NVD, Red Hat, OSV, CNNVD, CVE lists) describe a remote code execution and privilege escalation via the Change Password function. Public writeups/exploits (PacketStorm, Exploit-DB) show a reproducible RCE for Wat...
PT-2024-33245 · Sbondco · Sbondco Watcharr
Name of the Vulnerable Software and Affected Versions: sbondCo Watcharr version 1.43.0 Description: The issue allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function. Recommendations: For sbondCo Watcharr version 1.43.0, consider disabling the...
PT-2024-24199 · Sanluan · Publiccms
Name of the Vulnerable Software and Affected Versions: sanluan PublicCMS version 4.0.202302.e Description: An issue in the software allows an attacker to escalate privileges via the change password function. Recommendations: For sanluan PublicCMS version 4.0.202302.e, consider disabling the chang...
PT-2023-19726 · Unknown · Simple Customer Relationship Management System
Name of the Vulnerable Software and Affected Versions: Simple Customer Relationship Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the oldpass parameter under the Change Password function. Recommendations:...