88 matches found
CVE-2026-24789
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...
CVE-2026-24789
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...
CVE-2026-24789 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...
CVE-2026-24789 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...
CVE-2026-24789
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...
CVE-2026-24789
CVE-2026-24789 is described in the provided documents as an unprotected API endpoint that allows remote password modification without authentication. The reports (including NVD/Red Hat/CVE lists) state a critical impact (high confidentiality, integrity, and availability effects) with CVSS scores ...
PT-2026-7620
Name of the Vulnerable Software and Affected Versions Affected versions not specified Description An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication. The vulnerable API endpoint is exposed without requiring any form of...
ZLAN5143D 访问控制错误漏洞
ZLAN5143D is a serial port server from the Chinese company ZLAN. ZLAN5143D has an access control vulnerability, which stems from unprotected API endpoints. This vulnerability could allow attackers to remotely change device passwords without requiring authentication...
EUVD-2007-5041
Malware in sbrugna...
EUVD-2018-18061
Malware in sbrugna...
EUVD-2018-6667
Malware in sbrugna...
EUVD-2025-28278
Malicious code in bioql PyPI...
EUVD-2021-28021
Malicious code in bioql PyPI...
CVE-2023-38379
The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved...
CVE-2020-11964
In IQrouter through 3.3.1, the Lua function diagsetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...
CVE-2020-11966
In IQrouter through 3.3.1, the Lua function resetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...
CVE-2025-4903
A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R68125. This affects the function sub41F4F0 of the file /H5/webgl.asp?tgglport=0management=0passwd=gameservice=admin-restart. The manipulation leads to unverified password change. It is possible to initia...
The vulnerability of the application access protection software in Docker environments. IBM Security Verify Access Docker, a access management system from IBM Security Verify Access, has a flaw related to the lack of necessary verification during password changes. This allows attackers to alter user passwords.
The vulnerability of the Docker-based application access control software, IBM Security Verify Access, lies in the lack of necessary authentication during password changes. Exploiting this vulnerability allows an attacker to remotely change a user’s password...
The vulnerability of the Connectize G6 AC2100 router’s microprogramming software lies in the lack of protective measures for the website structure, allowing attackers to alter the Wi-Fi password.
The vulnerability of the Connectize G6 AC2100 router’s microprogramming software is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to change the Wi-Fi password remotely...
SpringBlade Secure Mode Bypass Vulnerability
SpringBlade is a microservices architecture upgraded and optimized from a commercial-grade project. SpringBlade suffers from a security model bypass vulnerability that stems from exposing a signing key, which can be exploited by an attacker to conduct a SQL injection attack by forging a JWT,...