32 matches found
PT-2026-23686
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to configurar perfil.php. Attackers can craft malicious forms or links containing parameters like usuario, contrasena1, contrasena2, nombre, an...
CVE-2021-27734
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users...
CVE-2025-63422
Incorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to arbitrarily change the administrator username and password via sending a crafted GET request...
TastyIgniter vulnerable to Cross-Site Scripting
Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/mediamanager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to...
EUVD-2008-6933
Malware in sbrugna...
EUVD-2023-27566
Malicious code in bioql PyPI...
EUVD-2023-31610
Malicious code in bioql PyPI...
CVE-2021-24133
Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow an attacker to make a logged-in administrator change the API credentials to the attacker's account...
PT-2025-49794
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The Linux kernel contains a flaw related to the handling of robust list pointers during an exec operation. Specifically, the sys_get_robust_list and compat_get_robust_list functions may...
PT-2024-13140 · Aten · Aten Pe6208
Name of the Vulnerable Software and Affected Versions: Aten PE6208 versions 2.3.228 through 2.4.232 Description: The issue concerns incorrect access control in the account management function of the web interface, allowing remote authenticated users to alter user and administrator account...
CVE-2023-36133
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change...
CVE-2023-23466
Media CP Media Control Panel latest version. Insufficiently protected credential change...
Code injection
Media CP Media Control Panel latest version. Insufficiently protected credential change...
Media CP Media Control Panel security vulnerability
MEDIA CONTROL PANEL Media CP Media Control Panel is an application from MEDIA CONTROL PANEL, Inc. A security vulnerability exists in Media CP Media Control Panel that stems from inadequate credential change protection...
CVE-2023-23466 Media CP Media Control Panel – insufficiently protected credential change
Media CP Media Control Panel latest version. Insufficiently protected credential change...
CVE-2023-23078
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets...
CVE-2022-30328
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface...
USR IOT 4G LTE Industrial Cellular VPN Router trust management issue vulnerability
Jinan USR IOT Technology USR IOT 4G LTE Industrial Cellular VPN Router is an industrial-grade 4G wireless LTE router from Jinan USR IOT Technology China. A security vulnerability exists in the USR IOT 4G LTE Industrial Cellular VPN Router version 1.0.36, which originates from the inability to...
PT-2022-19348 · Unknown · Online Banquet Booking System
Name of the Vulnerable Software and Affected Versions: Online Banquet Booking System version 1.0 Description: A Cross-Site Request Forgery (CSRF) issue allows attackers to change admin credentials via a crafted POST request. Recommendations: For Online Banquet Booking System version 1.0, consider...