22 matches found
PT-2026-41562
Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account...
CVE-2026-39462
A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that...
CVE-2026-24432 Tenda W30E V2 Missing CSRF Protections for Administrative Actions
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 lack cross-site request forgery (CSRF) protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests that, when triggered b...
Unverified Password Change
Overview Affected versions of this package are vulnerable to Unverified Password Change via the password change process in the back office. An attacker can gain unauthorized access to change account credentials by exploiting the lack of previous password validation during the password change...
CVE-2024-32014
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges...
EUVD-2025-37204
Incorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to arbitrarily change the administrator username and password via sending a crafted GET request...
EUVD-2021-14476
Malware in sbrugna...
CVE-2023-27875
IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847...
CVE-2020-11706
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users; Enable/Disable Services; Set a rogue update proxy; and Shutdown the server...
ATEN International PE6208 Security Vulnerability
The ATEN International PE6208 is a power distribution unit from China-based ATEN Automation Technology (ATEN International). A security vulnerability exists in the ATEN International PE6208 version 2.3.228, version 2.4.232, which originates from incorrect access control in the account management...
CVE-2024-21990
ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials...
Koha Library Management System Cross-Site Scripting Vulnerability
Library Management System is a library management system with QR code attendance and automatic library card generation by King Albaracin Individual Developer. A cross-site scripting vulnerability exists in Koha Library Management System version 23.05.05 and earlier, which stems from a cross-site...
CVE-2023-23466
Media CP Media Control Panel latest version. Insufficiently protected credential change...
CVE-2023-22331
Use of default credentials vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information...
Contec CONPROSYS HMI System Security Vulnerability
Contec CONPROSYS HMI System is an HTML5 technology-based HMI (Human Machine Interface)/SCADA (Supervisory Control and Data Acquisition) software product from Contec Japan. A security vulnerability exists in CONPROSYS HMI System CHS, which arises from the use of default credentials, where user...
CVE-2022-2105
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters...
CVE-2022-30229
A vulnerability has been identified in SICAM GridEdge Classic All versions V2.6.6. The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known...
CMSuno Code Injection Vulnerability
CMSUno is an easy and handy tool for creating one-page responsive websites. A code injection vulnerability exists in CMSuno 1.6.2. The vulnerability can be exploited to inject malicious PHP code as a "username" when changing a username and password, which can be used to run commands on the server...
CVE-2020-12106
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST request to several critical Administrative functions such as, changing credentials of the Administrator account or connect the product to a rogue access point...