Lucene search
K

24 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2018-8772

Malware in sbrugna...

9.8CVSS9.2AI score0.01603EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-2546

Malware in sbrugna...

5CVSS6.4AI score0.0162EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-23162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe/vf: Don't try to trigger a full GT reset if VF VFs don't have access to the GDRST0x941c register that driver uses to reset a GT. Attempt to trigger a res...

5.5CVSS6.2AI score0.00154EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/04 12:0 a.m.6 views

PT-2025-28034

Name of the Vulnerable Software and Affected Versions Netmake ScriptCase versions prior to 9.12.006 23 Description The Production Environment extension contains a flaw in the administrator password reset mechanism. An unauthenticated remote attacker can bypass authentication and take over the...

7.8CVSS8.2AI score0.14441EPSS
Exploits5References26
NVD
NVD
added 2025/05/30 7:15 a.m.14 views

CVE-2025-48936

Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...

8.8CVSS0.00358EPSS
Exploits0References2
CVE
CVE
added 2025/03/13 11:16 a.m.74 views

CVE-2025-29995

The CVE-2025-29995 entry refers to a vulnerability in the CAP back office application caused by a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit the vulnerable API endpoint to achieve account takeover of targeted us...

8.3CVSS6.3AI score0.00337EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.184 views

BMC TrackIt! Unauthenticated Arbitrary User Password Change

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BMC TrackIt! Unauthenticated Arbitrary User Password Change', 'Description' = %q This module exploits a flaw in the password reset mechanism in B...

5CVSS7.1AI score0.20084EPSS
Exploits2
NVD
NVD
added 2024/03/21 2:48 a.m.17 views

CVE-2023-38825

SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php...

9.8CVSS7.1AI score0.00952EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/03/06 12:0 a.m.14 views

CVE-2023-38825

SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php...

7.5AI score0.00952EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2024/01/12 6:29 p.m.455 views

Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab

CVE-2023-7028 | Account-Take-Over Gitlab Disclamer This co...

10CVSS9.2AI score0.94955EPSS
Exploits16
Vulnrichment
Vulnrichment
added 2023/04/28 10:6 a.m.9 views

CVE-2023-30466 Authentication Bypass Vulnerability in Milesight Network Video Recorder (NVR)

This vulnerability exists in Milesight 4K/H.265 Series NVR models MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC, due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a...

9.8CVSS9.4AI score0.0113EPSS
Exploits0References1
CVE
CVE
added 2023/04/28 10:6 a.m.84 views

CVE-2023-30466

CVE-2023-30466 affects Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG/E/T/H/C). The root cause is a weak password-reset mechanism in the NVR web-based management interface, enabling a remote attacker to perform account takeover via specially crafted HTTP requests. The connected sources provid...

9.8CVSS9.5AI score0.0113EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/12 12:0 a.m.9 views

PT-2022-6293 · Апекс-Вуз · Апекс-Вуз

Name of the Vulnerable Software and Affected Versions: Апекс-ВУЗ affected versions not specified Description: The issue is related to the password reset mechanism in the education automation system, which uses the SHA-1 encryption algorithm with insufficient strength. This could allow a remote...

5CVSS7AI score
Exploits0References1
Prion
Prion
added 2021/12/09 4:15 p.m.18 views

Authentication flaw

An authentication bypass account takeover vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php...

4CVSS6.7AI score0.00906EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/12/09 3:33 p.m.39 views

CVE-2021-41696

The CVE-2021-41696 entry concerns Premiumdatingscript 4.2.7.7, where an authentication bypass/account takeover arises from a weak password reset mechanism in requests\user.php. This vulnerability enables bypassing authentication without user interaction,典ically allowing unauthorized access and po...

6.5CVSS6.6AI score0.00906EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/09 3:33 p.m.24 views

CVE-2021-41696

An authentication bypass account takeover vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php...

6.9AI score0.00906EPSS
Exploits1References1
OSV
OSV
added 2019/05/02 8:29 p.m.15 views

CVE-2018-16988

An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass account takeover exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a...

9.8CVSS7.4AI score0.01603EPSS
Exploits0References1
CVE
CVE
added 2019/05/02 7:38 p.m.44 views

CVE-2018-16988

Open XDMoD

9.8CVSS9.5AI score0.01603EPSS
Exploits0References1Affected Software1
ThreatPost
ThreatPost
added 2018/03/09 9:1 a.m.11 views

Vulnerability in Robots Can Lead To Costly Ransomware Attacks

CANCUN, Mexico – A vulnerability in Softbank Robotics’ NAO and Pepper robots can lead to costly ransomware attacks that could cause robots deployed in businesses to stop working, curse at customers, or even perform violent movements. The vulnerability was disclosed at Kaspersky Lab’s Security...

0.7AI score
Exploits0References2
seebug.org
seebug.org
added 2015/08/31 12:0 a.m.24 views

74cms最新版重置任意账号密码

简要描述: 密码重置机制可以绕过,同时可重置任意账号密码 demo测试成功 详细说明: 先看下 \user\usergetpass.php $act = !empty$REQUEST'act' ? trim$REQUEST'act' : 'enter'; $smarty-assign'headernav',"getpass"; if $act=='enter' $smarty-assign'title','找回密码 - '.$CFG'sitename'; $token=substrmd5mtrand100000, 999999, 8,16; //生成token...

7.1AI score
Exploits0
Rows per page
Query Builder