79 matches found
CVE-2026-5386 KMW CCTV Security Cameras Unverified Password Change
The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings...
EUVD-2026-33359
The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings...
PT-2026-44967
Name of the Vulnerable Software and Affected Versions KMW CCTV Security Cameras affected versions not specified Description An issue exists that allows an unauthenticated attacker to remotely reset the administrator password to a known value. This action grants full access to the camera settings...
CVE-2026-35676 phpMyFAQ - Unauthenticated Password Reset via User Password Update Endpoint
phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sendin...
CVE-2026-35676
phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sendin...
phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Change Without Token Validation
Summary The password reset API can be triggered without authentication and without any out-of-band confirmation step. If an attacker knows a valid username + email pair, they can call the reset endpoint directly. The application immediately generates a new password, writes it to the account, and...
Exploit for CVE-2025-15521
CVE-2025-15521 The Academy LMS – WordPress LMS Plugin for Comp...
CVE-2017-20220 Serviio PRO 1.8 Unauthenticated Password Change via REST API
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...
CVE-2025-70833
An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user including the administrator and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php...
CVE-2026-1994
The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...
CVE-2026-25858
macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time passwo...
CVE-2025-15030
CVE-2025-15030 affects the WordPress plugin User Profile Builder up to version 3.15.2. The vulnerability arises from an improper password reset flow, allowing unauthenticated actors to reset any user’s password by supplying a username (e.g., administrator) and a crafted request; no valid reset to...
PT-2026-5609
Name of the Vulnerable Software and Affected Versions User Profile Builder WordPress plugin versions prior to 3.15.2 Description The User Profile Builder WordPress plugin does not have a secure password reset process. This allows unauthenticated requests to reset the password for any user,...
CVE-2025-14975 Custom Login Page Customizer < 2.5.4 - Unauthenticated Arbitrary Password Reset
The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account...
CVE-2025-14975 Custom Login Page Customizer < 2.5.4 - Unauthenticated Arbitrary Password Reset
The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account...
CVE-2025-59102 Secrets Stored in Plaintext in Database in dormakaba access manager
The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...
PT-2026-4752
The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...
VulnCheck KEV: CVE-2025-15521
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...
PT-2026-2223
Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 16.6.2 Description OpenProject is a web-based project management software. The unauthenticated password-change endpoint, /account/change password, lacked the brute-force protection present in the standard login...
CVE-2025-14998
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...