Lucene search
+L

51 matches found

OSV
OSV
added 2026/06/26 7:47 p.m.2 views

CVE-2026-44733 OpenProject: Business Logic Error on OpenProject through PATCH request to /api/v3/users/me permits to bypass password requirements

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, Business Logic Error on OpenProject through PATCH request to /api/v3/users/me permits to bypass password requirements. A password validation flaw in the change password behavior allows attackers to chan...

5.9CVSS6AI score0.00175EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data through a malicious website...

6.5CVSS6.9AI score0.0075EPSS
Exploits1References2
OSV
OSV
added 2026/05/04 5:42 p.m.7 views

CVE-2026-41571 Note Mark: OIDC-registered users authenticated by submitting password "null"

Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt"null" placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password:...

9.4CVSS5.9AI score0.00296EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/16 12:54 a.m.5 views

EUVD-2026-23137

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

6CVSS5.8AI score0.00091EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/16 12:0 a.m.5 views

CVE-2026-30459

An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message...

5.8AI score0.00263EPSS
Exploits1References4
OSV
OSV
added 2026/04/16 12:0 a.m.2 views

CVE-2026-30459

An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message...

7.1CVSS6AI score0.00263EPSS
Exploits1References4
OSV
OSV
added 2026/03/04 9:15 a.m.3 views

CVE-2026-27441

SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution...

9.8CVSS5.8AI score0.0031EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.11 views

PT-2026-22209

Name of the Vulnerable Software and Affected Versions EverShop versions prior to 2.1.1 Description EverShop, a TypeScript-first eCommerce platform, has an issue in the "Forgot Password" functionality. When a target email address is provided, the API response includes the password reset token. Thi...

9.8CVSS5.9AI score0.00446EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/01/07 9:28 a.m.17 views

CVE-2019-12279

Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass aka the reset password form. NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that...

9.8CVSS7.9AI score0.0422EPSS
Exploits5References1
CVE
CVE
added 2025/12/30 12:0 a.m.25 views

CVE-2025-65409

GNU Recutils v1.9 contains a divide-by-zero in its encryption/decryption routines that can be triggered by supplying an empty password, resulting in denial of service. Publicly listed advisories indicate the affected component is gnu-recutils (version 1.9); OpenSUSE reports a GA fix in gnu-recuti...

7.5CVSS6.4AI score0.00317EPSS
Exploits2References4Affected Software1
HackRead
HackRead
added 2025/12/29 7:10 p.m.8 views

Ubisoft Shuts Down Rainbow Six Siege After MongoDB Exploit Hits Players

Over 87,000 MongoDB instances are at risk from a critical memory leak called MongoBleed. Following the chaos at Ubisoft, see how this zero-password flaw works and how to protect your data...

7AI score
Exploits0
Cvelist
Cvelist
added 2025/12/02 1:1 p.m.20 views

CVE-2025-11786 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf' without any sanitisation or validation, and then executed using 'system'. This allows a...

8.5CVSS0.00344EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/11 12:2 p.m.17 views

CVE-2025-11599 Campcodes Online Apartment Visitor Management System forgot-password.php sql injection

A weakness has been identified in Campcodes Online Apartment Visitor Management System 1.0. This impacts an unknown function of the file /forgot-password.php. This manipulation of the argument email causes sql injection. It is possible to initiate the attack remotely. The exploit has been made...

7.5CVSS0.00391EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-16634

Malware in sbrugna...

7.5CVSS7.6AI score0.00943EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-3021

Malware in sbrugna...

4.6CVSS5AI score0.00164EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2023-0732

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00791EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-19788

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.00755EPSS
Exploits0References3
ICS
ICS
added 2025/08/12 12:0 a.m.7 views

Siemens SINUMERIK

SUMMARY Siemens SINUMERIK Controllers are affected by an improper VNC password check vulnerability. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends...

8.7CVSS7.8AI score0.00242EPSS
Exploits0References10
OSV
OSV
added 2025/05/26 8:53 a.m.12 views

CVE-2025-4057 Activemq-artemis-operator: amq broker operator starting credentials reuse

A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies...

5.5CVSS5.9AI score0.00148EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/05/22 8:33 p.m.3 views

CVE-2021-24998

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the strshuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic...

7.5CVSS7AI score0.01186EPSS
Exploits0References1
Rows per page
Query Builder