Lucene search
K

12 matches found

NVD
NVD
added 2026/02/03 6:16 p.m.16 views

CVE-2026-24669

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been used, enabling unauthorized password changes and...

7.8CVSS0.00151EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-29616

Malware in sbrugna...

9.4CVSS9AI score0.01846EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.6 views

PT-2025-84: Insecure firmware update mechanism in Fastwel PLC web server

The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. Exploitation of the vulnerability allows a remote attacke with administrative permissions in the execution environment to upload a modified update archive and execute arbitrary cod...

9.4CVSS6.3AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.23 views

AppPresser < 4.3.0 - Insecure Password Reset Mechanism

Description The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit...

9.8CVSS7.4AI score0.00925EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2023/11/22 12:0 a.m.696 views

WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation

Vulnerability Details & Technical Analysis Password Reset to Privilege Escalation using the Sensitive Information Disclosure via Shortcode Description: UserPro = 5.1.1 – Insecure Password Reset Mechanism Affected Plugin: UserPro Plugin Slug: userpro Affected Versions: = 5.1.1 CVE ID: CVE-2023-244...

9.8CVSS8.1AI score0.06801EPSS
Exploits4
Veracode
Veracode
added 2023/11/20 10:39 a.m.63 views

Json Web Token (JWT) Bypass

json-web-token is vulnerable to Json Web Token JWT Bypass. The vulnerability is due to an insecure mechanism used while verifying the signature of a JWT. The library blindly trusts the algorithm listed in the token without further verification. An attacker can forge a token using the HS256...

7.5CVSS7.2AI score0.00304EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/11/01 3:30 p.m.28 views

CVE-2023-40061 Insecure Job Execution Mechanism Vulnerability

Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result...

8.8CVSS8.9AI score0.00419EPSS
Exploits0References1
NVD
NVD
added 2022/08/31 4:15 p.m.18 views

CVE-2022-2005

AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73;...

7.5CVSS0.00441EPSS
Exploits0References1
Prion
Prion
added 2022/08/31 4:15 p.m.18 views

Code injection

AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73;...

5CVSS7.3AI score0.00441EPSS
Exploits0References1Affected Software12
NVD
NVD
added 2020/02/17 9:15 p.m.22 views

CVE-2020-8768

An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device...

9.4CVSS9.3AI score0.01846EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/02/17 8:6 p.m.25 views

CVE-2020-8768

An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device...

9.2AI score0.01846EPSS
Exploits0References2
Hacker One
Hacker One
added 2019/11/16 11:57 a.m.94 views

Stripo Inc: Able to change password by entering wrong old password

Vulnerability Name: Able to change password by entering wrong old password. Description: The password change mechanism which is located at https://my.stripo.email/cabinet//profile is insecure as the password can be changed without knowing the old password. Any unauthorized user can access the...

7.2AI score
Exploits0
Rows per page
Query Builder