31 matches found
CVE-2026-9512 Totolink CA750-PoE Setting cstecgi.cgi setPasswordCfg OS command injection
A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in OS command injection. The attack can b...
CVE-2026-33297
WWBN AVideo is an open source video platform. Prior to version 26.0, the setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numer...
CVE-2020-37132
CVE-2020-37132 affects UltraVNC Launcher 1.2.4.0. The vulnerability is a denial-of-service condition in the password configuration properties: a local attacker can crash the launcher by entering an overly long 300-character string as a password. The issue is described in multiple connected source...
Innomic VibroLine Series access control error vulnerability
The Innomic VibroLine Series is a professional vibration measurement and analysis system developed by the German company Innomic. The Innomic VibroLine Series has an access control vulnerability, where unverified remote attackers can obtain full access to affected devices. This occurs because thes...
CVE-2025-52079
The administrator password setting of the D-Link DIR-820L 1.06B02 has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /getset.ccp...
EUVD-2018-11060
Malware in sbrugna...
CVE-2025-48862
Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted...
CVE-2025-54791
CVE-2025-54791 concerns OMERO.web prior to 5.29.2, where an error during the Forgot Password flow could disclose user information in the web page. The issue is mitigated by upgrading to version 5.29.2 or higher. As a workaround, disabling the Forgot Password option via the omero.web.show_forgot_p...
PT-2025-6212 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions 1.8.0 through 1.8.3 SoftwareX versions prior to 1.8.0 Description: The issue allows restricted information to be viewed through the main text, a feature introduced in version 1.8.0. This affects the frame publishing functio...
PT-2023-13460 · Nokelock · Nokelock Smart Padlock O1 +1
Name of the Vulnerable Software and Affected Versions: Nokelock Smart padlock O1 version 5.3.0 Description: The issue allows an attacker to send a request and add any device, as well as set the device password in the Nokelock app, due to insecure permissions. Recommendations: For version 5.3.0,...
CVE-2022-36228
Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app...
CVE-2023-2846
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets...
Design/Logic Flaw
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...
OctoPrint security vulnerability
OctoPrint is an application that provides a fast web interface for controlling consumer 3D printers. A security vulnerability exists in versions prior to OctoPrint 1.8.3 that stems from setting a new password for a user when the product does not require knowledge of the original password or the...
LY Corporation: See drafts and post articles if the account owner hasn't set password (livedoor CMS plugin)
For new accounts that haven't set passwords yet, an attacker is able to see drafts or post articles as victims...
CVE-2021-21472
SAP Software Provisioning Manager 1.0 SAP NetWeaver Master Data Management Server 7.1 does not have an option to set password during its installation; this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack,...
CVE-2020-8228
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times...
CVE-2020-8228
CVE-2020-8228 describes a missing rate limit on the signup page in the Nextcloud Preferred Providers app (version 1.7.0), allowing an attacker to repeatedly set the password. The OpenSUSE security advisory (NC-SA-2020-033) and related OSS notes confirm this CVE and indicate it was addressed in th...