Lucene search
K

4723 matches found

ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2026-5523

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3
CVE
CVE
added yesterday12 views

CVE-2026-5523

The CVE describes a privilege-escalation flaw in the Divi Form Builder plugin for WordPress (versions up to and including 5.1.8). The root cause is missing authorization checks: update_user() accepts a user ID from form submissions without validating the editor’s permission for that target user, ...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-42506

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday8 views

LatePoint <= 5.0.11 - SQL Injection

The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

9.8CVSS6AI score0.02823EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday59 views

Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change

The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it...

9.8CVSS7.4AI score0.02163EPSS
Exploits0References4
EUVD
EUVD
added yesterday3 views

EUVD-2026-42500

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality...

6.3CVSS7.5AI score0.00149EPSS
Exploits0References3
CVE
CVE
added 2 days ago4 views

CVE-2026-39179

SOGo

6.3CVSS7.5AI score0.00149EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-39179

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality...

0.00149EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago51 views

Lotus Domino R5 and R6 WebMail - Information Disclosure

Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled which is by default allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and t...

5CVSS6AI score0.73635EPSS
Exploits11References5
OSV
OSV
added 3 days ago3 views

PYSEC-2026-1147 Apache Airflow Fab Provider Insufficient Session Expiration vulnerability

Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged...

2.1CVSS5.9AI score0.0092EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 5 days ago9 views

CVE-2026-14701

A vulnerability was detected in code-projects Internship Management System 1.0. This affects an unknown function of the file employer/details/changepassword.php of the component Password Change Endpoint. The manipulation of the argument Current results in sql injection. The attack can be executed...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
CVE
CVE
added 5 days ago15 views

CVE-2026-14701

CVE-2026-14701 affects code-projects Internship Management System 1.0. The vulnerability is in the Password Change Endpoint (employer/details/change_password.php) where manipulating the Current argument leads to SQL injection. The issue is exploitable remotely and the exploit is publicly availabl...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-14701 code-projects Internship Management System Password Change Endpoint change_password.php sql injection

A vulnerability was detected in code-projects Internship Management System 1.0. This affects an unknown function of the file employer/details/changepassword.php of the component Password Change Endpoint. The manipulation of the argument Current results in sql injection. The attack can be executed...

6.5CVSS0.002EPSS
Exploits0References6
OSV
OSV
added 2026/07/02 2:13 p.m.2 views

PYSEC-2026-660 Cross Site Request Forgery in mailman

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request using that token to set a new admin password or make other changes...

8.8CVSS6.9AI score0.0073EPSS
Exploits0References6
NVD
NVD
added 2026/06/30 2:16 p.m.12 views

CVE-2026-35096

KTM System e-BOK is vulnerable to Cross‑Site Request Forgery CSRF in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the...

5.1CVSS0.00157EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 1:37 p.m.6 views

EUVD-2026-40323

KTM System e-BOK is vulnerable to Cross‑Site Request Forgery CSRF in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the...

5.1CVSS5.8AI score0.00157EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:37 p.m.8 views

CVE-2026-35096

KTM System e-BOK is vulnerable to Cross‑Site Request Forgery CSRF in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the...

5.1CVSS5.8AI score0.00157EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 1:37 p.m.12 views

CVE-2026-35096

KTM System e-BOK is affected by a Cross-Site Request Forgery (CSRF) in the email-change and password-change functions. The issue allows an attacker to lure an authenticated user to a malicious site that issues forged requests to perform an email or password change without user interaction. Root c...

5.1CVSS5.8AI score0.00157EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 1:37 p.m.33 views

CVE-2026-35096 Cross-Site Request Forgery (CSRF) in KTM System e-BOK

KTM System e-BOK is vulnerable to Cross‑Site Request Forgery CSRF in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the...

5.1CVSS0.00157EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 7:29 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the PUT /api/v1/accounts/pk/password/ endpoint. An attacker can gain unauthorized access to privileged accounts by bypassing object-level access...

7.7CVSS5.8AI score0.00265EPSS
Exploits0References2
Rows per page
Query Builder