37 matches found

RedhatCVE
added 2026/01/09 11:58 a.m. · 7 views

CVE-2018-19511

wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password...

CVSS 6.5 · AI score 7 · EPSS 0.00727
Exploits: 2 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2019-3089

Malware in sbrugna...

CVSS 8.8 · AI score 8.8 · EPSS 0.01324
Exploits: 1 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2018-0018

Malware in sbrugna...

CVSS 4.9 · AI score 6.8 · EPSS 0.01428
Exploits: 0 · References: 12

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2024-1288

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 6.9 · EPSS 0.00495
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2024-0197

Malicious code in bioql PyPI...

CVSS 3.3 · AI score 4.1 · EPSS 0.00241
Exploits: 1 · References: 7

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-48129

Malicious code in bioql PyPI...

CVSS 6.9 · AI score 4.9 · EPSS 0.00319
Exploits: 1 · References: 4

Vulnrichment
added 2025/05/30 4:30 a.m. · 16 views

CVE-2025-48476 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result...

CVSS 7.1 · AI score 6.7 · EPSS 0.00448
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 3:41 a.m. · 4 views

CVE-2023-29975

An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification...

CVSS 7.2 · AI score 7 · EPSS 0.01679
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 11:43 p.m. · 10 views

CVE-2022-21652

Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a customer account...

CVSS 8.1 · AI score 6.8 · EPSS 0.00792
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 9:37 p.m. · 8 views

CVE-2021-25940

In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system...

CVSS 8.8 · AI score 7 · EPSS 0.0078
Exploits: 0

RedhatCVE
added 2025/05/22 6:25 p.m. · 5 views

CVE-2021-25323

The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password...

CVSS 9.1 · AI score 7 · EPSS 0.01312
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 6:9 p.m. · 7 views

CVE-2021-3740

A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a...

CVSS 6.8 · AI score 6.8 · EPSS 0.00197
Exploits: 0

RedhatCVE
added 2025/05/22 6:18 a.m. · 8 views

CVE-2013-5116

Evernote prior to 5.5.1 has insecure password change...

CVSS 7.1 · AI score 7 · EPSS 0.00483
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:21 a.m. · 10 views

CVE-2019-15299

An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication...

CVSS 8.8 · AI score 7 · EPSS 0.01632
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 8:2 p.m. · 6 views

CVE-2008-7289

IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 does not properly handle the simultaneous changing of multiple passwords, which makes it easier for remote authenticated users to cause a denial of service (DB2 daemon deadlock) by making password changes that trigger updates to a D...

CVSS 4 · AI score 6.6 · EPSS 0.00883
Exploits: 0 · References: 1

Tenable Nessus
added 2025/05/20 12:0 a.m. · 5 views

TYPO3 9.0.0 < 9.5.51 ELTS / 10.0.0 < 10.4.50 ELTS / 11.0.0 < 11.5.44 ELTS / 12.0.0 < 12.4.31 / 13.0.0 < 13.4.12 (TYPO3-CORE-SA-2025-013)

The version of TYPO3 installed on the remote host is 9.0.0 prior to 9.5.51 ELTS / 10.0.0 prior to 10.4.50 ELTS / 11.0.0 prior to 11.5.44 ELTS / 12.0.0 prior to 12.4.31 / 13.0.0 prior to 13.4.12. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2025-013 advisory. -...

CVSS 3.8 · AI score 5.6 · EPSS 0.0024
Exploits: 0 · References: 2

Positive Technologies
added 2025/05/06 12:0 a.m. · 4 views

PT-2025-19824 · WordPress · Reales Wp Stpt

Name of the Vulnerable Software and Affected Versions: Reales WP STPT plugin for WordPress versions up to and including 2.1.2 Description: The issue arises from the plugin's failure to properly validate a user's identity before updating their details, such as the password. This allows authenticat...

CVSS 8.8 · AI score 8.9 · EPSS 0.00512
Exploits: 0 · References: 8

RedhatCVE
added 2025/05/02 7:20 p.m. · 20 views

CVE-2024-47784

Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI. This issue affects ANC software version 1.1.4 and earlier...

CVSS 2.6 · AI score 6.9 · EPSS 0.00157
Exploits: 0 · References: 3

Citrix
added 2025/05/01 12:0 a.m. · 11 views

Citrix FAS Cloud: Session logon hangs after password change when launching application

User has the password expired or "set at next logon" flag is set. However, user is able to login to workspace due to the cached credentials being used. When user launches an app they are prompted to change their AD password. Once this is complete, message to confirm password change is successful,...

AI score 7.3
Exploits: 0

OSV
added 2025/04/14 9:15 a.m. · 4 views

CVE-2025-24859

A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This...

CVSS 8.8 · AI score 7.2
Exploits: 0 · References: 3