14 matches found

RedhatCVE
added 2026/05/27 8:13 p.m. · 3 views

CVE-2026-44707

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover (Pre-ATO) vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

6.8 CVSS · 5.8 AI score · 0.00043 EPSS
Exploits 0 · References 1

Vulnrichment
added 2026/05/26 5:10 p.m. · 11 views

CVE-2026-44707 Chatwoot: Pre-Account Takeover via OAuth on Unconfirmed Accounts

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover (Pre-ATO) vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

6.8 CVSS · 5.8 AI score · 0.00043 EPSS
Exploits 0 · References 3

Oracle linux
added 2026/05/13 12:00 a.m. · 5 views

krb5 security update

1.18.2-34.0.1 - Fixed race condition in krb5setpassword. Orabug: 33609767. 1.18.2-34 - Fix NegoEx parsing vulnerabilities CVE-2026-40355, CVE-2026-40356. Resolves: RHEL-171589 RHEL-171594...

5.9 CVSS · 5.8 AI score · 0.00108 EPSS
Exploits 0

CNNVD
added 2025/03/20 12:00 a.m. · 2 views

D-Link DIR-605L and D-Link DIR-618 Security Vulnerability

The D-Link DIR-605L and D-Link DIR-618 are both wireless routers from China-based AUO D-Link. An Access Control Error vulnerability exists in the D-Link DIR-618 version 2.02 and the D-Link DIR-605L version 3.02, which stems from improper access control of the file /goform/formSetPassword, and ca...

8.8 CVSS · 5.3 AI score · 0.00436 EPSS
Exploits 1 · References 7

Positive Technologies
added 2023/04/19 12:00 a.m. · 2 views

PT-2023-18961 · Sick · Sick Fx0-Gpnt00000 Flexisoft Pnet Gatew. +9

Name of the Vulnerable Software and Affected Versions: SICK UE410-EN3 FLEXI ETHERNET GATEW. versions all; SICK UE410-EN1 FLEXI ETHERNET GATEW. versions all; SICK UE410-EN3S04 FLEXI ETHERNET GATEW. versions all; SICK UE410-EN4 FLEXI ETHERNET GATEW. versions all; SICK FX0-GENT00000 FLEXISOFT EIP GATEW...

9.8 CVSS · 9.2 AI score · 0.0035 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 5:23 a.m. · 2 views

SUSE CVE-2015-0240

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets...

10 CVSS · 8 AI score · 0.90696 EPSS
Exploits 7 · References 12

NVD
added 2022/05/18 2:15 p.m. · 9 views

CVE-2022-23067

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover. If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using thes...

8.8 CVSS · 0.00397 EPSS
Exploits 1 · References 2

Prion
added 2022/05/18 2:15 p.m. · 10 views

Design/Logic Flaw

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover. If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using thes...

6.8 CVSS · 8.7 AI score · 0.00397 EPSS
Exploits 1 · References 2 · Affected Software 1

0day.today
added 2018/07/17 12:00 a.m. · 28 views

QNAP Q'Center change_passwd Command Execution Exploit

This Metasploit module exploits a command injection vulnerability in the change_passwd API method within the web interface of QNAP Q'Center virtual appliance versions prior to 1.7.1083. The vulnerability allows the 'admin' privileged user account to execute arbitrary commands as the 'admin'...

0.4 AI score · 0.7472 EPSS
Exploits 10

Prion
added 2017/09/25 5:29 p.m. · 15 views

Information disclosure

The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system...

7.2 CVSS · 6.7 AI score · 0.00246 EPSS
Exploits 4 · References 4 · Affected Software 1

Hacker One
added 2016/05/26 2:34 a.m. · 14 views

drchrono: Bypass password complexity requirements on password reset page

Hi, the 'password reset' feature doesn't implement the password complexity requirements the site enforces when first signing up. Because of this issue, I was able to set my password to '1', bypassing the 8 character rule, and the rule which requires me to add a number and a special character to m...

6.8 AI score
Exploits 0

OSV
added 2015/02/23 12:00 a.m. · 0 views

UBUNTU-CVE-2015-0240

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets...

10 CVSS · 7.7 AI score · 0.90696 EPSS
Exploits 7 · References 4

Nmap
added 2010/01/29 9:04 p.m. · 161 views

lexmark-config NSE Script

Retrieves configuration information from a Lexmark S300-S400 printer. The Lexmark S302 responds to the NTPRequest version probe with its configuration. The response decodes as mDNS, so the request was modified to resemble an mDNS request as close as possible. However, the port 9100/udp is listed ...

10 CVSS · 9.2 AI score · 0.94176 EPSS
Exploits 33

Cvelist
added 2005/03/24 5:00 a.m. · 14 views

CVE-2001-1430

Cayman 3220-H DSL Router 1.0 ships without a password set, which allows remote attackers to gain unauthorized access...

7 AI score · 0.02088 EPSS
Exploits 1 · References 5