Lucene search
+L

31 matches found

NVD
NVD
added 2026/06/23 1:16 p.m.14 views

CVE-2025-71337

Flowise before 3.0.10 affected versions 3.0.7 and earlier contains an unverified email change vulnerability. An authenticated user can change the account email address, used as a login identifier and password-recovery channel, via the account profile endpoint without confirming the change to the...

8.7CVSS0.00296EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:12 p.m.3 views

CVE-2025-71337

Flowise before 3.0.10 affected versions 3.0.7 and earlier contains an unverified email change vulnerability. An authenticated user can change the account email address, used as a login identifier and password-recovery channel, via the account profile endpoint without confirming the change to the...

8.7CVSS5.8AI score0.00296EPSS
Exploits1References3
CVE
CVE
added 2026/06/23 12:12 p.m.20 views

CVE-2025-71337

CVE-2025-71337 affects Flowise before 3.0.10 (impacted: 3.0.7 and earlier). A authenticated user can change the account email via the account profile endpoint without confirming the change to the original email or re-entering the current password, enabling potential account takeover and abuse of ...

8.7CVSS5.8AI score0.00296EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/12 9:34 p.m.4 views

EUVD-2025-208615

Inductive Automation Ignition Software is vulnerable to an unauthenticated API endpoint exposure that may allow an attacker to remotely change the "forgot password" recovery email address...

6.3CVSS5.8AI score0.00345EPSS
Exploits0References4
NVD
NVD
added 2026/03/12 7:16 p.m.4 views

CVE-2025-13913

A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code...

6.8CVSS0.00345EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/12 6:17 p.m.2 views

CVE-2025-13913

A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code...

6.3CVSS5.8AI score0.00345EPSS
Exploits0References4
CVE
CVE
added 2026/03/12 6:17 p.m.28 views

CVE-2025-13913

The CVE-2025-13913 entry concerns Inductive Automation Ignition software deserialization of untrusted data. A privileged Ignition user importing a specially crafted external file can trigger execution of embedded malicious code, due to deserialization of the crafted payload in the imported file. ...

6.8CVSS5.8AI score0.00345EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/12 6:17 p.m.32 views

CVE-2025-13913 Inductive Automation Ignition Software Deserialization of Untrusted Data

A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code...

6.3CVSS0.00345EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/12 6:17 p.m.2 views

CVE-2025-13913 Inductive Automation Ignition Software Deserialization of Untrusted Data

A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code...

6.3CVSS5.8AI score0.00345EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.9 views

PT-2026-25038

Name of the Vulnerable Software and Affected Versions Inductive Automation Ignition affected versions not specified Description An Ignition user importing a specially crafted external file can lead to the execution of embedded malicious code during deserialization. This can occur intentionally or...

6.3CVSS6AI score0.00345EPSS
Exploits0References8
NVD
NVD
added 2026/02/17 11:16 p.m.10 views

CVE-2026-1670

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address...

9.8CVSS0.00833EPSS
Exploits0References3
CVE
CVE
added 2026/02/17 10:56 p.m.30 views

CVE-2026-1670

CVE-2026-1670 affects Honeywell CCTV products including Honeywell I-HIB2PI-UL 2MP IP, SMB NDAA MVO-3, PTZ WDR 2MP 32M, and 25M IPC. The root cause is an unauthenticated API endpoint exposure that allows an attacker to remotely change the recovery email address used for password resets, potentiall...

9.8CVSS5.5AI score0.00833EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/17 10:56 p.m.3 views

CVE-2026-1670

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address...

9.8CVSS5.5AI score0.00833EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/17 10:56 p.m.5 views

CVE-2026-1670 Honeywell CCTV Products Missing Authentication for Critical Function

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address...

9.8CVSS5.5AI score0.00833EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/17 10:56 p.m.35 views

CVE-2026-1670 Honeywell CCTV Products Missing Authentication for Critical Function

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address...

9.8CVSS0.00833EPSS
Exploits0References3
ICS
ICS
added 2026/02/17 7:0 a.m.13 views

Honeywell HIB2PI CCTV Camera (Update B)

RISK EVALUATION Successful exploitation of this vulnerability could lead to account takeovers and unauthorized access to camera feeds; an unauthenticated attacker may change the recovery email address, potentially leading to further network compromise. 2. RECOMMENDED PRACTICES CISA recommends...

9.8CVSS7.5AI score0.00833EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2025/11/14 8:56 p.m.13 views

Flowise doesn't Prevent Bypass of Password Confirmation through Unverified Email Change (credentials)

Summary Unverified Email Change - Email as part of Credential / Unverified Account Recovery Channel Change The application allows changing the account email address used as a login identifier and/or password recovery address without verifying the requester’s authority to make that change no...

7.1AI score
Exploits0References4Affected Software1
OSV
OSV
added 2025/11/14 8:56 p.m.5 views

GHSA-X39M-3393-3QP4 Flowise doesn't Prevent Bypass of Password Confirmation through Unverified Email Change (credentials)

Summary Unverified Email Change - Email as part of Credential / Unverified Account Recovery Channel Change The application allows changing the account email address used as a login identifier and/or password recovery address without verifying the requester’s authority to make that change no...

8.3CVSS6.9AI score0.00296EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2019-6684

Malware in sbrugna...

6.5CVSS6.6AI score0.00985EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-8784

Malicious code in bioql PyPI...

7.9CVSS6.7AI score0.00254EPSS
Exploits0References1
Rows per page
Query Builder