EUVD-2026-40648
Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
EUVD-2025-7499
Malicious code in bioql PyPI...
CVE-2025-2114 Shenzhen Sixun Software Sixun Shanghui Group Business Management System Reset Password Interface OperatorStop.asp improper authorization
A vulnerability, which was classified as problematic, has been found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This issue affects some unknown processing of the file /WebPages/Adm/OperatorStop.asp of the component Reset Password Interface. The manipulation of t...
CVE-2024-57439
An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account...
CVE-2024-57439
CVE-2024-57439 affects Ruoyi v4.8.0. The vulnerability resides in the reset password interface, where attackers with Admin privileges can trigger a Denial of Service by duplicating the login name of an account. Affected component is the reset-password flow; root cause and exact code path are not ...
CVE-2024-38468
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API...
CVE-2021-20147
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists...
Tenda AC6 Denial of Service Vulnerability
Tenda AC6 is an AC1200 model intelligent dual-band WiFi router. A denial of service vulnerability exists in Tenda AC6 15.03.06.51multi. An attacker can exploit this vulnerability by sending a large HTTP POST request to the Change Password API to cause the router to crash and enter an infinite boo...
cPanel cross-site scripting vulnerability (CNVD-2019-30464)
cPanel is a Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in the reset password interface in versions prior to cPanel 62.0.4. The vulnerability...
CVE-2018-18286
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the...
Securekit Steganography / Camouflage protection bypass
File with hidden information has strong signature, password protection is implemented in interface only...