31 matches found
CVE-2025-71337
Flowise before 3.0.10 affected versions 3.0.7 and earlier contains an unverified email change vulnerability. An authenticated user can change the account email address, used as a login identifier and password-recovery channel, via the account profile endpoint without confirming the change to the...
CVE-2025-71337
Flowise before 3.0.10 affected versions 3.0.7 and earlier contains an unverified email change vulnerability. An authenticated user can change the account email address, used as a login identifier and password-recovery channel, via the account profile endpoint without confirming the change to the...
CVE-2025-71337
CVE-2025-71337 affects Flowise before 3.0.10 (impacted: 3.0.7 and earlier). A authenticated user can change the account email via the account profile endpoint without confirming the change to the original email or re-entering the current password, enabling potential account takeover and abuse of ...
EUVD-2025-208615
Inductive Automation Ignition Software is vulnerable to an unauthenticated API endpoint exposure that may allow an attacker to remotely change the "forgot password" recovery email address...
CVE-2025-13913
A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code...
CVE-2025-13913
A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code...
CVE-2025-13913
The CVE-2025-13913 entry concerns Inductive Automation Ignition software deserialization of untrusted data. A privileged Ignition user importing a specially crafted external file can trigger execution of embedded malicious code, due to deserialization of the crafted payload in the imported file. ...
CVE-2025-13913 Inductive Automation Ignition Software Deserialization of Untrusted Data
A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code...
CVE-2025-13913 Inductive Automation Ignition Software Deserialization of Untrusted Data
A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code...
PT-2026-25038
Name of the Vulnerable Software and Affected Versions Inductive Automation Ignition affected versions not specified Description An Ignition user importing a specially crafted external file can lead to the execution of embedded malicious code during deserialization. This can occur intentionally or...
CVE-2026-1670
The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address...
CVE-2026-1670
CVE-2026-1670 affects Honeywell CCTV products including Honeywell I-HIB2PI-UL 2MP IP, SMB NDAA MVO-3, PTZ WDR 2MP 32M, and 25M IPC. The root cause is an unauthenticated API endpoint exposure that allows an attacker to remotely change the recovery email address used for password resets, potentiall...
CVE-2026-1670
The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address...
CVE-2026-1670 Honeywell CCTV Products Missing Authentication for Critical Function
The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address...
CVE-2026-1670 Honeywell CCTV Products Missing Authentication for Critical Function
The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address...
Honeywell HIB2PI CCTV Camera (Update B)
RISK EVALUATION Successful exploitation of this vulnerability could lead to account takeovers and unauthorized access to camera feeds; an unauthenticated attacker may change the recovery email address, potentially leading to further network compromise. 2. RECOMMENDED PRACTICES CISA recommends...
Flowise doesn't Prevent Bypass of Password Confirmation through Unverified Email Change (credentials)
Summary Unverified Email Change - Email as part of Credential / Unverified Account Recovery Channel Change The application allows changing the account email address used as a login identifier and/or password recovery address without verifying the requester’s authority to make that change no...
GHSA-X39M-3393-3QP4 Flowise doesn't Prevent Bypass of Password Confirmation through Unverified Email Change (credentials)
Summary Unverified Email Change - Email as part of Credential / Unverified Account Recovery Channel Change The application allows changing the account email address used as a login identifier and/or password recovery address without verifying the requester’s authority to make that change no...
EUVD-2019-6684
Malware in sbrugna...
EUVD-2021-8784
Malicious code in bioql PyPI...