Lucene search
K

19 matches found

OSV
OSV
added 2025/12/10 9:16 p.m.15 views

CVE-2025-65831

The application uses an insecure hashing algorithm MD5 to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another means, they may be able to crack the hash in...

7.5CVSS5.8AI score0.00186EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.5 views

PT-2025-36007

Name of the Vulnerable Software and Affected Versions pgAdmin versions prior to 9.7 Description pgAdmin is susceptible to a Cross-Origin Opener Policy COOP issue. This allows manipulation of the OAuth flow, potentially resulting in unauthorized account access, account takeover, data breaches, and...

7.9CVSS5.9AI score0.00213EPSS
Exploits0References28
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.7 views

PT-2025-34054 · Unknown · Touch Lebanon Mobile App

Name of the Vulnerable Software and Affected Versions: Touch Lebanon Mobile App version 2.20.2 Description: A flaw exists in the password reset workflow that allows an attacker to bypass the one-time password OTP reset password mechanism. By manipulating the reset process, an unauthorized user ma...

8.8CVSS6.6AI score0.00339EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 6:33 a.m.5 views

CVE-2024-5277

In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. This allows an attacker who compromises the recovery token to repeatedly change the password of a victim's account. The issue lies in the...

7.5CVSS7.5AI score0.00353EPSS
Exploits1References1
CVE
CVE
added 2025/05/23 1:6 a.m.66 views

CVE-2025-5098

CVE-2025-5098 affects Mobile Dynamix PrinterShare Mobile Print (Android). Technical details from KoreLogic KL-001-2025-003 show the vulnerability arises in the Android app where Gmail OAuth tokens are captured and stored in plaintext, enabling token reuse to access a user’s Gmail account. The fla...

9.1CVSS6.7AI score0.00265EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/23 12:21 a.m.21 views

CVE-2024-57490

Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw...

7.7CVSS6.9AI score0.00398EPSS
Exploits0References1
CVE
CVE
added 2024/09/03 10:2 a.m.75 views

CVE-2024-45586

CVE-2024-45586 affects Symphony XTS Web Trading and Mobile Trading platforms, version 2.0.0.1_P160. The root cause is improper access controls in the Authentication module’s APIs. An authenticated, remote attacker can manipulate HTTP request parameters to perform an unauthorized account takeover ...

9.2CVSS8.6AI score0.00432EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2024/06/06 6:15 p.m.16 views

CVE-2024-5277

In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. This allows an attacker who compromises the recovery token to repeatedly change the password of a victim's account. The issue lies in the...

7.5CVSS0.00353EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/16 8:31 p.m.22 views

Security Bulletin: IBM OpenPages Is Vulnerable to Privilege Escalation attack (CVE-2023-38738)

Summary IBM OpenPages with Watson is affected by unauthorized account access due to Native authentication method. This vulnerability is addressed. Vulnerability Details CVEID:CVE-2023-38738 DESCRIPTION: IBM OpenPages could provide weaker than expected security in a OpenPages environment using...

8.1CVSS7.6AI score0.00528EPSS
Exploits0Affected Software1
Prion
Prion
added 2023/11/03 12:15 p.m.15 views

Input validation

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's...

7.5CVSS8.7AI score0.02888EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/11/03 11:29 a.m.105 views

CVE-2023-3277

CVE-2023-3277 affects the WordPress MStore API plugin (versions

9.8CVSS7.2AI score0.02888EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/03/03 5:47 p.m.17 views

CVE-2020-28597

A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password o...

9.8CVSS7.5AI score0.01035EPSS
Exploits0References1
OSV
OSV
added 2019/04/26 3:29 p.m.8 views

CVE-2015-9284

The request phase of the OmniAuth Ruby gem 1.9.1 and earlier is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able ...

8.8CVSS8.6AI score0.01573EPSS
Exploits0References8
CNVD
CNVD
added 2019/04/17 12:0 a.m.1 views

Warburg Pincus App Has Logic Flaw Vulnerability

Huabao Intelligent Investment APP is an intelligent stock speculation software that integrates stock account opening, market information and automatic trading. There is a logic flaw vulnerability in Huabao Intelligent Investment APP, which can be exploited by an attacker to log into any account...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/02/13 6:31 p.m.12 views

Panic attack: Apple scams apply pressure

We've seen a number of Apple-related phishes in circulation over the last few days. While most of them already lead to deactivated phishing sites, we thought it was worth highlighting some of the tricks being used to bait people into handing over payment details at the moment. Fake receipt emails...

6.6AI score
Exploits0
NVD
NVD
added 2017/07/17 1:18 p.m.13 views

CVE-2017-1000027

Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access...

6.1CVSS6.1AI score0.01158EPSS
Exploits0References2
CVE
CVE
added 2017/07/13 8:0 p.m.44 views

CVE-2017-1000027

CVE-2017-1000027 concerns Koozali Foundation SME Server (versions 8.x–10.x). The vulnerability is an open URL redirect in the user web login function, enabling unauthorized account access. The available connected documents confirm the affected product family and the open redirect flaw as the root...

6.1CVSS6AI score0.01158EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/07/13 8:0 p.m.19 views

CVE-2017-1000027

Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access...

6.1AI score0.01158EPSS
Exploits0References2
securityvulns
securityvulns
added 2003/09/25 12:0 a.m.25 views

Re-Boot Design ASP Forum SQL injection Vulnerability

Re-Boot Design ASP Forum SQL injection Vulnerability Published: 24 September 2003 Released: 24 September 2003 Affected Systems: Re-Boot Design ASP Forum Version 1.01 Vendor: http://www.re-bootd.com Issue: attackers can access users accounts without them knowing their passwords. Description:...

1.4AI score
Exploits0
Rows per page
Query Builder