3 matches found
CVE-2026-44986
CVE-2026-44986 affects Penpot prior to 2.14.5. The issue allows a pre-authenticated account takeover via team invitation tokens: tokens from create-team-invitations were exposed, an existing profile id was embedded in auth.clj prepare-register-profile, and auth.clj register-profile could issue a ...
PT-2026-28623
Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. The get api video file and get api video API endpoints do not verify video passwords for password-protected videos. This allows an unauthenticated...
CVE-2018-16219
A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker in the same network as the device to change the admin password without authentication via a POST request...