
16 matches found

Vulnrichment
added 2026/05/05 7:33 p.m., 5 views

CVE-2026-34527 Sandboxie-Plus EditPassword hash entropy reduced from 160 bits to 80 bits due to incorrect nibble extraction

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

CVSS 2, AI score 5.7, EPSS 0.00012
Exploits 0, References 1

NVD
added 2026/01/22 3:16 p.m., 4 views

CVE-2026-1325

A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function editpwdmall of the file /fort/login/editpwdmall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attack...

CVSS 9.8, EPSS 0.00063
Exploits 1, References 4

OSV
added 2026/01/22 3:16 p.m., 2 views

CVE-2026-1325

A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function editpwdmall of the file /fort/login/editpwdmall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attack...

CVSS 9.8, AI score 5.5
Exploits 0, References 4

CVE
added 2026/01/22 1:2 p.m., 10 views

CVE-2026-1325

CVE-2026-1325 concerns Sangfor Operation and Maintenance Security Management System up to version 3.0.12, where the edit_pwd_mall function in /fort/login/edit_pwd_mall is vulnerable. The vulnerability involves manipulation of the flag argument, enabling weak password recovery and enabling remote ...

CVSS 9.8, AI score 5.3, EPSS 0.00063
Exploits 1, References 4, Affected Software 1

ATTACKERKB
added 2026/01/22 1:2 p.m., 3 views

CVE-2026-1325

A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function editpwdmall of the file /fort/login/editpwdmall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attack...

CVSS 9.8, AI score 5.5, EPSS 0.00063
Exploits 1, References 4, Affected Software 1

CNNVD
added 2026/01/22 12:0 a.m., 1 view

Sangfor Operation and Maintenance Security Management System Authorization Issues Vulnerabilities

The Sangfor Operation and Maintenance Security Management System is a security management system for operations and maintenance developed by Sangfor Corporation. Versions of the Sangfor Operation and Maintenance Security Management System 3.0.12 and earlier contained an authorization issue...

CVSS 9.8, AI score 6, EPSS 0.00063
Exploits 1, References 4

Positive Technologies
added 2026/01/22 12:0 a.m., 3 views

PT-2026-3933

Name of the Vulnerable Software and Affected Versions: Sangfor Operation and Maintenance Security Management System versions prior to 3.0.13. Description: A security flaw exists in Sangfor Operation and Maintenance Security Management System. The issue involves the edit pwd mall function within the...

CVSS 9.8, AI score 6, EPSS 0.00063
Exploits 1, References 8

Cvelist
added 2025/12/18 8:2 p.m., 19 views

CVE-2025-14889 Campcodes Advanced Voting Management System Password voters_edit.php improper authorization

A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/votersedit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is...

CVSS 5.5, EPSS 0.00047
Exploits 1, References 5

CNNVD
added 2025/09/11 12:0 a.m., 1 view

WordPress plugin Wp Edit Password Protected security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 6.1, AI score 5.8, EPSS 0.0004
Exploits 0, References 1

Packet Storm
added 2023/05/31 12:0 a.m., 293 views

Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation

Vulnerability: Broken Access Control Author: Akash Pandey CVE: CVE-2023-3018 Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html Steps to re-produce: 1. Go to https://site.com/admin/?page=user/list as staff user...

AI score 7.1, EPSS 0.00259
Exploits 3

ICS
added 2021/10/14 12:0 a.m., 24 views

Schneider Electric CNM

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: ConneXium Network Manager CNM Software Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary...

AI score 9.9, EPSS 0.00845
Exploits 0, References 28

OSV
added 2021/06/21 4:15 a.m., 0 views

CVE-2020-20466

White Shark System WSS 1.3.2 is vulnerable to unauthorized access via usereditpassword.php; remote attackers can modify the password of any user...

CVSS 9.8, AI score 5.8
Exploits 0, References 1

CNNVD
added 2021/06/21 12:0 a.m., 2 views

White Shark System cross-site request forgery vulnerability

White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. A cross-site request forgery vulnerability exists in...

CVSS 6.5, AI score 5.5, EPSS 0.00117
Exploits 1, References 2

OSV
added 2018/11/27 9:29 p.m., 2 views

CVE-2018-13351

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form...

CVSS 4.8, AI score 5.8, EPSS 0.00235
Exploits 1, References 1

NVD
added 2018/11/27 9:29 p.m., 11 views

CVE-2018-13351

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form...

CVSS 4.8, AI score 5.3, EPSS 0.00235
Exploits 1, References 1

seebug.org
added 2014/02/17 12:0 a.m., 20 views

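ecshop: bypassing the original-password check to change a user's password directly (security risk)

Brief description: The latest version also has this issue. Details: This vulnerability has a prerequisite: the member system must be integrated with ucenter. The problem is in user.php $action == 'acteditpassword' $oldpassword = isset$POST'oldpassword' ? trim$POST'oldpassword' : ''; $newpassword = isset$POST'newpassword' ? trim$POST'newpassword' : ''; $userid = isset$POST'uid' ? intval$POST'uid' : $userid; $code =...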

AI score 7
Exploits 0