2 matches found
CVE-2025-71328
Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the account settings Security section without supplying the current password or any additional verification, as the application does not enforce a...
CVE-2023-24052
An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password...