11 matches found
CVE-2025-59808
Fortinet FortiSOAR PaaS and FortiSOAR on-premise are affected by an unverified password change vulnerability (CWE-620) that may allow an attacker who already has access to a user account to reset credentials without the current password. Affected versions include FortiSOAR PaaS 7.3–7.6.2 and Fort...
SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach
SonicWall has formally implicated state-sponsored threat actors as being behind the September security breach that led to the unauthorized exposure of firewall configuration backup files. "The malicious activity – carried out by a state-sponsored threat actor – was isolated to the unauthorized access o...
CVE-2021-26091
A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users' authentication tokens and reset thei...
Compromise of Sisense Customer Data
CISA is collaborating with private industry partners to respond to a recent compromise discovered by independent security researchers impacting Sisense, a company that provides data analytics services. CISA urges Sisense customers to: Reset credentials and secrets potentially exposed to, or used ...
PT-2022-27993 · Fortinet · Fortigate
Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.0 Description: The issue is related to improper access control in the usememos/memos GitHub repository. There have been real-world incidents where this issue was exploited, including a leak of data from ov...
CVE-2019-20026
The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request...
keycloak: security issue on reset credential flow
A flaw was found in the reset credential flow in Keycloak. This flaw allows an attacker to gain unauthorized access to the application...
Unspecified Vulnerability in Multiple Schneider Electric Products
Schneider Electric Modicon M340, etc. are programmable logic controller products of Schneider Electric France. An unspecified vulnerability exists in several Schneider Electric products. An attacker could use this vulnerability to delete or reset existing usernames and passwords...
ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges
Ansible Tower, before version 3.2.4, has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization...
Dell TrueMobile 2300 Remote Credential Reset Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15770/info It is possible for remote attackers to gain control of a target TrueMobile 2300 running firmware versions 3.0.0.8 and 5.1.1.6. Other versions are likely affected. The vulnerability appears to be in an...
Skype Account Service Reset Credentials
Title: ====== Skype Account Service - Reset Session Password/Username Vulnerability Date: ===== 2012-11-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=720 MSRC ID: 13050bc News:...