EUVD-2025-202462

Ibexa is a composable end-to-end DXP Digital Experience Platform. Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...

Ibexa User Bundle is missing password change validation

Impact The vulnerability is in the password change dialog in the back office. During the transition from v4 to v5 a mistake was made in the validation code which caused the validation of the previous password to not run as expected. This made it possible for a logged in user to change password in...

Fortinet FortiSOAR PaaS和Fortinet FortiSOAR on-premise 安全漏洞

Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise are both security orchestration, automation and response software from Fortinet, Inc. A security vulnerability exists in Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise that stems from insufficient password change validation, whi...

CVE-2025-5949 Service Finder Bookings <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password change request. This makes it possible for...

EUVD-2024-53501

Malicious code in bioql PyPI...