5 matches found
CVE-2025-52395
An issue in Roadcute API v.1 allows a remote attacker to execute arbitrary code via the application exposing a password reset API endpoint that fails to validate the identity of the requester properly...
CVE-2024-8794
The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the resetuserpassword function not verifying a user's identity prior to setting a password. This makes it possible for unauthenticated attackers to...
CVE-2021-37029
There is an Identity verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability...
CVE-2021-22860
EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary...
CVE-2020-16222
In Patient Information Center iX PICiX Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct...