19 matches found
CVE-2025-65831
The application uses an insecure hashing algorithm MD5 to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another means, they may be able to crack the hash in...
PT-2025-36007
Name of the Vulnerable Software and Affected Versions pgAdmin versions prior to 9.7 Description pgAdmin is susceptible to a Cross-Origin Opener Policy COOP issue. This allows manipulation of the OAuth flow, potentially resulting in unauthorized account access, account takeover, data breaches, and...
PT-2025-34054 · Unknown · Touch Lebanon Mobile App
Name of the Vulnerable Software and Affected Versions: Touch Lebanon Mobile App version 2.20.2 Description: A flaw exists in the password reset workflow that allows an attacker to bypass the one-time password OTP reset password mechanism. By manipulating the reset process, an unauthorized user ma...
CVE-2024-5277
In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. This allows an attacker who compromises the recovery token to repeatedly change the password of a victim's account. The issue lies in the...
CVE-2025-5098
CVE-2025-5098 affects Mobile Dynamix PrinterShare Mobile Print (Android). Technical details from KoreLogic KL-001-2025-003 show the vulnerability arises in the Android app where Gmail OAuth tokens are captured and stored in plaintext, enabling token reuse to access a user’s Gmail account. The fla...
CVE-2024-57490
Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw...
CVE-2024-45586
CVE-2024-45586 affects Symphony XTS Web Trading and Mobile Trading platforms, version 2.0.0.1_P160. The root cause is improper access controls in the Authentication module’s APIs. An authenticated, remote attacker can manipulate HTTP request parameters to perform an unauthorized account takeover ...
CVE-2024-5277
In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. This allows an attacker who compromises the recovery token to repeatedly change the password of a victim's account. The issue lies in the...
Security Bulletin: IBM OpenPages Is Vulnerable to Privilege Escalation attack (CVE-2023-38738)
Summary IBM OpenPages with Watson is affected by unauthorized account access due to Native authentication method. This vulnerability is addressed. Vulnerability Details CVEID:CVE-2023-38738 DESCRIPTION: IBM OpenPages could provide weaker than expected security in a OpenPages environment using...
Input validation
The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's...
CVE-2023-3277
CVE-2023-3277 affects the WordPress MStore API plugin (versions
CVE-2020-28597
A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password o...
CVE-2015-9284
The request phase of the OmniAuth Ruby gem 1.9.1 and earlier is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able ...
Warburg Pincus App Has Logic Flaw Vulnerability
Huabao Intelligent Investment APP is an intelligent stock speculation software that integrates stock account opening, market information and automatic trading. There is a logic flaw vulnerability in Huabao Intelligent Investment APP, which can be exploited by an attacker to log into any account...
Panic attack: Apple scams apply pressure
We've seen a number of Apple-related phishes in circulation over the last few days. While most of them already lead to deactivated phishing sites, we thought it was worth highlighting some of the tricks being used to bait people into handing over payment details at the moment. Fake receipt emails...
CVE-2017-1000027
Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access...
CVE-2017-1000027
CVE-2017-1000027 concerns Koozali Foundation SME Server (versions 8.x–10.x). The vulnerability is an open URL redirect in the user web login function, enabling unauthorized account access. The available connected documents confirm the affected product family and the open redirect flaw as the root...
CVE-2017-1000027
Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access...
Re-Boot Design ASP Forum SQL injection Vulnerability
Re-Boot Design ASP Forum SQL injection Vulnerability Published: 24 September 2003 Released: 24 September 2003 Affected Systems: Re-Boot Design ASP Forum Version 1.01 Vendor: http://www.re-bootd.com Issue: attackers can access users accounts without them knowing their passwords. Description:...