81 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-wmi-sysman: Do not perform hex dumping of plaintext password data. The setnewpassword function performs hex dumping of the entire buffer, which contains plaintext password data, including current and new...
CVE-2026-36236
SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...
CVE-2026-36236
SourceCodester Engineers Online Portal v1.0 is vulnerable to an SQL Injection in update_password.php through the new_password parameter. The root cause is a vulnerable input path in update_password.php that fails to sanitize user-supplied data. The description does not provide exploit details, af...
CVE-2026-36236
SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...
EUVD-2026-20828
A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available...
EUVD-2026-15355
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data setnewpassword hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking...
CVE-2026-23370
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data setnewpassword hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking...
CVE-2026-23370
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data setnewpassword hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking...
CVE-2026-23370 platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data setnewpassword hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking...
CVE-2026-23370 platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data setnewpassword hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the setnewpassword function using hexadecimal to dump plaintext password data, potentially leading to...
CVE-2019-25436
Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to...
CVE-2025-65185
There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses...
CVE-2025-65185
There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses...
CVE-2025-65185
There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses...
PT-2025-51839
Name of the Vulnerable Software and Affected Versions Entrinsik Informer version 5.10.1 Description A malicious user can enumerate usernames through local user login. This is achieved by entering an OTP code and a new password, then analyzing the application's responses. Recommendations At the...
CVE-2025-65185
There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses...
CVE-2025-65185
Summary: CVE-2025-65185 affects Entrinsik Informer v5.10.1, enabling username enumeration during local login by supplying an OTP code and a new password and observing application responses. The vulnerability's impact is described as low (CVSS v3.1: 2.8, LOCAL access, user interaction required). O...
CVE-2025-65185
There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses...
EUVD-2025-200225
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...