Lucene search
K

10 matches found

CVE
CVE
added 2026/05/21 9:7 p.m.16 views

CVE-2026-7879

Concrete CMS 9.5.0 and earlier is affected by a vulnerability in submit_password() within concrete/controllers/single_page/download_file.php that permits unauthorized access to files. The issue arises because downloading permission-restricted files bypasses the view_file permission check; files w...

6.3CVSS5.8AI score0.00224EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/11/26 4:15 p.m.3 views

CVE-2025-46174

Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java...

7.5CVSS6.7AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.5 views

PT-2025-48150

Name of the Vulnerable Software and Affected Versions Ruoyi version 4.8.0 Description The software contains an incorrect access control issue. Specifically, a permission check is missing in the resetPwd method of the SysUserController.java file. This allows for potential privilege escalation...

7.5CVSS6.8AI score0.00266EPSS
Exploits0References9
CVE
CVE
added 2025/11/26 12:0 a.m.16 views

CVE-2025-46174

CVE-2025-46174 affects Ruoyi v4.8.0. The issue is an Incorrect Access Control due to a missing checkUserDataScope permission check in the resetPwd method of SysUserController.java. This could allow unauthorized password resets without proper data-scope validation, enabling potential privilege esc...

7.5CVSS6.3AI score0.00266EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/08/22 4:15 p.m.4 views

CVE-2025-50674

An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root...

7.8CVSS0.00172EPSS
Exploits1References2
CVE
CVE
added 2025/08/22 12:0 a.m.23 views

CVE-2025-50674

OpenMediaVault 7.4.17 has a local privilege-escalation flaw in the changePassword function (/usr/share/php/openmediavault/system/user.inc). The underlying issue allows a locally authenticated user to elevate privileges to root. CVSSv3.1 base metrics indicate: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (...

7.8CVSS6.5AI score0.00172EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2019/04/10 4:53 p.m.3 views

USN-3944-1 wpa vulnerabilities

It was discovered that wpasupplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. CVE-2019-9495 Mathy Vanhoef discovered that wpasupplicant and hostapd incorrectly validated received scalar and...

8.1CVSS5.8AI score0.05372EPSS
Exploits0References6
OSV
OSV
added 2018/02/21 4:29 p.m.1 views

DEBIAN-CVE-2015-5315

The eappwdprocess function in eappeer/eappwd.c in wpasupplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service process...

5.9CVSS5.8AI score0.02548EPSS
Exploits0References1
CNVD
CNVD
added 2016/02/18 12:0 a.m.4 views

Novell Zenworks ChangePassword XPath Injection Information Disclosure Vulnerability

Novell ZENworks Configuration Management is the configuration management solution within the ZENworks System Gateway tool. A security vulnerability exists in the ChangePassword RPC method of Novell Zenworks, where, through a malformed query, an attacker combines a reference to a system entity wit...

5.3CVSS7.4AI score0.01272EPSS
Exploits0References1
myhack58
myhack58
added 2006/03/19 12:0 a.m.15 views

To cope with the MD5 password method Raiders-vulnerability warning-the black bar safety net

...

1.9AI score
Exploits0
Rows per page
Query Builder