10 matches found

Positive Technologies
added 2026/03/23 12:0 a.m. · 4 views

PT-2026-27203

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is a privilege escalation vulnerability. The upsertUser endpoint has 3 issues: it is missing superAdminAuthMiddleware, so any logged-in user can call it; the originalPassword is an optional parameter and if not provided...

5.3 CVSS · 5.8 AI score · 0.00343 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2024/04/22 12:0 a.m. · 3 views

The vulnerability of Ruijie RG-NBR700GW router microprogramming software lies in the deficiencies of the password recovery mechanism. This allows attackers to recover or change their passwords without knowing the original password.

The vulnerability of Ruijie RG-NBR700GW router microprogramming software is related to deficiencies in the password recovery mechanism. Exploiting this vulnerability allows an attacker to recover or alter their passwords without knowing the original password...

10 CVSS · 5.5 AI score · 0.00724 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2023/03/01 12:0 a.m. · 22 views

Schneider Electric Modicon M221 Permissions, Privileges, and Access Controls (CVE-2018-7791)

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this...

9.8 CVSS · 7.2 AI score · 0.01896 EPSS
Exploits 0 · References 4
Huntr
added 2022/06/16 2:9 p.m. · 27 views

InvenTree Deploys a Weak Password Change Mechanism

Description: When setting a new user password, InvenTree does not require knowledge of the original password or using another form of authentication.

Proof of Concept:
1. Log in as a regular user
2. Go to the account settings link
3. Select Set Password
4. Enter any 8-character password string this...

1 AI score
Exploits 0 · References 1
Prion
added 2021/05/06 1:15 p.m. · 12 views

Design/Logic Flaw

omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user-provided password with the original password in a length-dependent manner, which allows remote attackers to guess the password via a timing attack...

4.3 CVSS · 5.8 AI score · 0.02087 EPSS
Exploits 1 · References 4 · Affected Software 1
CNVD
added 2017/03/21 12:0 a.m. · 2 views

Logic Flaw Vulnerability at My NJ Client APP Change Password Function

My Nanjing Client APP is a city-level public service mobile application that integrates all kinds of living information in Nanjing. A logic flaw exists in the password change function of MyNJ Client APP. Since the original password is not verified when changing the password, it allows an attacker...

6.7 AI score
Exploits 0
NVD
added 2008/01/12 2:46 a.m. · 12 views

CVE-2008-0246

admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass Set Password action...

10 CVSS · 7.1 AI score · 0.0353 EPSS
Exploits 1 · References 3
securityvulns
added 2003/06/05 12:0 a.m. · 23 views

CA Unicenter password recovery

It's possible to recover original password...

2.3 AI score
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2001/01/22 5:0 a.m. · 21 views

CVE-2000-0944

CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password...

9.6 AI score · 0.11265 EPSS
Exploits 1 · References 3
Positive Technologies
added 1999/01/01 12:0 a.m. · 6 views

PT-1999-1080 · Dpec · Dpec Online Courseware

Name of the Vulnerable Software and Affected Versions: DPEC Online Courseware affected versions not specified

Description: The issue allows an attacker to change another user's password without knowing the original password.

Recommendations: At the moment, there is no information about a newer...

10 CVSS · 6.3 AI score · 0.01603 EPSS
Exploits 0 · References 2