3 matches found
CVE-2025-45321
Kashipara Online Service Management Portal V1.0 is affected by a SQL Injection in the /osms/Requester/Requesterchangepass.php endpoint, exploited via the rPassword parameter. The underlying cause is improper handling of this parameter, enabling an attacker to perform injection attacks. CVSS v3.1 ...
GHSA-3H68-WVV6-8R5H Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak
The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...
CommScope Arris Surfboard Sb8200 访问控制错误漏洞
The CommScope Arris Surfboard Sb8200 is a Docsis 3.1 modem from CommScope USA. An access control error vulnerability exists in the CommScope Arris SurfBoard SB8200 that stems from the product's password change feature not having effective security measures in place. The vulnerability can be...