Lucene search
9 matches found

Positive Technologies
added 2026/03/23 12:0 a.m. · 1 views

PT-2026-27203

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is a privilege escalation vulnerability. The upsertUser endpoint has 3 issues: it is missing superAdminAuthMiddleware, any logged-in user can call it; the originalPassword is an optional parameter and if not provided...

CVSS 5.3 · AI score 5.8 · EPSS 0.00021
Exploits: 0 · References: 4
Tenable Nessus
added 2023/03/01 12:0 a.m. · 21 views

Schneider Electric Modicon M221 Permissions, Privileges, and Access Controls (CVE-2018-7791)

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this...

CVSS 9.8 · AI score 7.3 · EPSS 0.00354
Exploits: 0 · References: 4
Huntr
added 2022/06/16 2:9 p.m. · 26 views

InvenTree Deploys a Weak Password Change Mechanism

Description: When setting a new user password, InvenTree does not require knowledge of the original password or using another form of authentication. Proof of Concept: 1. Log in as a regular user 2. Go to the account settings link 3. Select Set Password 4. Enter any 8-character password string this...

AI score 1
Exploits: 0 · References: 1
Prion
added 2021/05/06 1:15 p.m. · 7 views

Design/Logic Flaw

omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the password via a timing attack...

CVSS 4.3 · AI score 5.8 · EPSS 0.00386
Exploits: 1 · References: 4 · Affected Software: 1
CNVD
added 2017/03/21 12:0 a.m. · 1 views

Logic Flaw Vulnerability at My NJ Client APP Change Password Function

My Nanjing Client APP is a city-level public service mobile application that integrates all kinds of living information in Nanjing. A logic flaw exists in the password change function of MyNJ Client APP. Since the original password is not verified when changing the password, it allows an attacker...

AI score 6.7
Exploits: 0
NVD
added 2008/01/12 2:46 a.m. · 9 views

CVE-2008-0246

admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass Set Password action...

CVSS 10 · AI score 7.1 · EPSS 0.05117
Exploits: 1 · References: 3
securityvulns
added 2003/06/05 12:0 a.m. · 23 views

CA Unicenter password recovery

It's possible to recover original password...

AI score 2.3
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2001/01/22 5:0 a.m. · 12 views

CVE-2000-0944

CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password...

AI score 9.6 · EPSS 0.1071
Exploits: 1 · References: 3
Positive Technologies
added 1999/01/01 12:0 a.m. · 2 views

PT-1999-1080 · Dpec · Dpec Online Courseware

Name of the Vulnerable Software and Affected Versions: DPEC Online Courseware affected versions not specified Description: The issue allows an attacker to change another user's password without knowing the original password. Recommendations: At the moment, there is no information about a newer...

CVSS 10 · AI score 6.3 · EPSS 0.00483
Exploits: 0 · References: 2