CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

120 matches found

CNNVD•added 2026/05/28 12:0 a.m.•5 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.3 contained security vulnerabilities. These vulnerabilities stemmed from the unvalidated password reset API endpoint, allowing attackers to change account passwords without...

8.8CVSS5.8AI score0.00035EPSS

Exploits0References2

NVD•added 2026/04/24 3:16 a.m.•0 views

CVE-2026-33318

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...

8.8CVSS0.00041EPSS

Exploits1References2

EUVD•added 2026/03/10 6:31 p.m.•1 views

EUVD-2025-208507

Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31...

9.4CVSS5.8AI score0.00021EPSS

Exploits0References3

Vulnrichment•added 2026/03/10 12:0 a.m.•1 views

CVE-2025-69614

5.8AI score0.00021EPSS

Exploits0References2

CNNVD•added 2026/02/15 12:0 a.m.•4 views

eNet SMART HOME server 安全漏洞

The eNet SMART HOME server is a wireless smart home console developed by the German company eNet. There are security vulnerabilities in the eNet SMART HOME server versions 2.2.1 and 2.3.1. These vulnerabilities stem from the JSON-RPC method resetUserPassword, which lacks proper authorization,...

8.8CVSS5.9AI score0.00021EPSS

Exploits2References2

ATTACKERKB•added 2026/01/26 5:39 p.m.•3 views

CVE-2026-24428

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an...

8.7CVSS5.9AI score0.00072EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 9:48 a.m.•6 views

CVE-2020-17477

Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory via LDAP search requests. For example, a teacher can gain...

6.5CVSS7.3AI score0.00061EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:56 a.m.•7 views

CVE-2023-4214

The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit...

9.8CVSS7.1AI score0.0036EPSS

Exploits0References1

OSV•added 2025/12/22 10:16 p.m.•1 views

CVE-2023-53969

Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords...

9.3CVSS5.8AI score0.00255EPSS

Exploits2References5

EUVD•added 2025/11/07 9:31 p.m.•2 views

EUVD-2025-38303

The change password functionality at /petgrooming/admin/changepass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery CSRF attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers...

6.4AI score0.00028EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-16391

Malware in sbrugna...

7.5CVSS7.5AI score0.00411EPSS

Exploits1References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-47272