52 matches found
CVE-2025-9521
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...
CVE-2025-9521
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...
CVE-2025-9521
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...
CVE-2025-9521 Password Confirmation Bypass in Omada Controller
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...
CVE-2025-9521
CVE-2025-9521 concerns a Password Confirmation Bypass in Omada Controllers. The trusted-source documents indicate that an attacker with a valid session token can bypass secondary verification and change a user’s password without proper confirmation, weakening account security. Affected product is...
EUVD-2025-206348
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...
CVE-2025-9521 Password Confirmation Bypass in Omada Controller
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...
EUVD-2025-197618
Flowise does not Prevent Bypass of Password Confirmation - Unverified Password Change...
EUVD-2025-197619
Flowise doesn't Prevent Bypass of Password Confirmation through Unverified Email Change credentials...
EUVD-2021-12220
Malware in sbrugna...
Weak Password Requirements
Overview Affected versions of this package are vulnerable to Weak Password Requirements via manipulation of the Senha/Confirmação da senha argument in the User Creation Page. An attacker can bypass strong password requirements by submitting weak passwords during user account creation. Remediation...
CVE-2025-11322 Mangati NovoSGA User Creation new weak password
A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page. Executing manipulation of the argument Senha/Confirmação da senha can lead to weak password requirements. The attack can be launch...
EUVD-2025-32490
A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page. Executing manipulation of the argument Senha/Confirmação da senha can lead to weak password requirements. The attack can be launch...
Mangati NovoSGA 安全漏洞
Mangati NovoSGA is a service management system from the Brazilian company Mangati. A security vulnerability exists in Mangati NovoSGA version 2.2.12 and earlier, which stems from incorrect manipulation of the parameter Senha/Confirmação da senha in the User Creation page, and could result in a we...
CVE-2025-47272 PhoenixCart Vulnerable to Account Deletion Without Password Confirmation
The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session e.g., on a shared/public machine could...
CVE-2022-29534
An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header...
CVE-2022-30755
Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent...
CVE-2024-52518 Nextcloud Server is missing password confirmation when changing external storage options
Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded...
CVE-2024-52518 Nextcloud Server is missing password confirmation when changing external storage options
Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded...
CVE-2024-52518
CVE-2024-52518 (Nextcloud Server) : A session takeover allows an attacker who gains access to a user or admin session to create, modify, or delete external storages without re-entering a password. Descriptions across multiple sources (NVD, Red Hat, GitHub advisories) confirm the issue affects Nex...