31 matches found
CVE-2026-12417
The CVE-2026-12417 issue affects the WordPress SignUp & SignIn plugin (versions ≤ 1.0.0). The vulnerability arises in the pravel_change_password() AJAX handler, exposed via wp_ajax_nopriv_pravel_change_password, which performs no nonce verification, no capability check, and uses only a loose equa...
eNet SMART HOME server 安全漏洞
The eNet SMART HOME server is a wireless smart home console developed by the German company eNet. There are security vulnerabilities in the eNet SMART HOME server versions 2.2.1 and 2.3.1. These vulnerabilities stem from the JSON-RPC method resetUserPassword, which lacks proper authorization,...
CVE-2023-4214
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit...
EUVD-2024-47272
Malicious code in bioql PyPI...
EUVD-2023-54752
Malicious code in bioql PyPI...
CVE-2025-10204 Unauth Admin Reset Password on AC Smart II
A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to chang...
CVE-2025-40736
A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the...
CVE-2024-22643
A Cross-Site Request Forgery CSRF vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets...
CVE-2023-2297
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function...
CVE-2023-2449
The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function userproprocessform. The function uses the plainte...
CVE-2022-24110
Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later...
CVE-2021-42954
Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group non-admin or any guest users, thereby allowing privilege...
CVE-2021-42955
Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account...
CVE-2006-4247
Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."...
CVE-2025-30361 WeGIA Vulnerable to Broken Authentication - Old Password Validation
WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass...
CVE-2024-6125
The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it possible for...
PT-2024-32806 · Unknown · Lif Authentication Server
Name of the Vulnerable Software and Affected Versions: Lif Authentication Server versions prior to 1.7.3 Description: The issue is related to the account recovery system of the Lif Authentication Server, where there is no check to ensure the user has received the recovery email and entered the...
CVE-2024-38468
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API...
CVE-2023-2449
The CVE-2023-2449 issue concerns the WordPress UserPro plugin. Concrete details from connected sources show that versions up to 5.1.1 are affected by an unauthorized password-reset flaw due to the plugin using plaintext reset keys (userpro_process_form) instead of a hashed value, enabling misuse ...
WordPress plugin WP User Control security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...