CVE-2026-40588 blueprintUE: Authenticated Password Change Does Not Verify Current Password

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at /profile/slug/edit/ does not include a currentpassword field and does not verify the user's existing password before accepting a new one. Any attacker who obtains a valid authenticated session —...

CVE-2026-33124 Frigate has insecure password change functionality

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/username/password endpoint. Changing a password does not...

PT-2026-26598

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/username/password endpoint. Changing a password does not...

CVE-2026-24440 Tenda W30E V2 Allows Password Changes Without Verifying Current Password

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected endpoint is obtained...

CVE-2026-24440

The issue affects Shenzhen Tenda W30E V2 with firmware up to version V16.01.0.19(5037). The maintenance interface allows an account password to be changed without verifying the existing password, enabling unauthorized password changes if an attacker can reach the affected endpoint. The available ...