Lucene search
K

31 matches found

CVE
CVE
added 2026/06/24 5:33 a.m.18 views

CVE-2026-12417

The CVE-2026-12417 issue affects the WordPress SignUp & SignIn plugin (versions ≤ 1.0.0). The vulnerability arises in the pravel_change_password() AJAX handler, exposed via wp_ajax_nopriv_pravel_change_password, which performs no nonce verification, no capability check, and uses only a loose equa...

9.8CVSS5.9AI score0.00454EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/15 12:0 a.m.11 views

eNet SMART HOME server 安全漏洞

The eNet SMART HOME server is a wireless smart home console developed by the German company eNet. There are security vulnerabilities in the eNet SMART HOME server versions 2.2.1 and 2.3.1. These vulnerabilities stem from the JSON-RPC method resetUserPassword, which lacks proper authorization,...

8.8CVSS5.9AI score0.00529EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.10 views

CVE-2023-4214

The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit...

9.8CVSS7.1AI score0.00925EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-47272

Malicious code in bioql PyPI...

8.1CVSS6.6AI score0.00458EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-54752

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00377EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/14 12:43 p.m.9 views

CVE-2025-10204 Unauth Admin Reset Password on AC Smart II

A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to chang...

7.1CVSS0.00451EPSS
Exploits0References1
OSV
OSV
added 2025/07/08 11:15 a.m.5 views

CVE-2025-40736

A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the...

9.3CVSS5.8AI score0.00401EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:35 a.m.11 views

CVE-2024-22643

A Cross-Site Request Forgery CSRF vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets...

6.5CVSS7.4AI score0.00326EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:52 a.m.9 views

CVE-2023-2297

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function...

9.8CVSS7.8AI score0.00987EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:50 a.m.13 views

CVE-2023-2449

The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function userproprocessform. The function uses the plainte...

9.8CVSS7.4AI score0.00902EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:58 p.m.7 views

CVE-2022-24110

Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later...

6.5CVSS6.8AI score0.00834EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:6 p.m.7 views

CVE-2021-42954

Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group non-admin or any guest users, thereby allowing privilege...

7.8CVSS7.1AI score0.00379EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 6:52 p.m.6 views

CVE-2021-42955

Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account...

7.8CVSS7.2AI score0.00418EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/21 8:51 p.m.10 views

CVE-2006-4247

Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."...

6.4CVSS6.9AI score0.01003EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/27 4:22 p.m.13 views

CVE-2025-30361 WeGIA Vulnerable to Broken Authentication - Old Password Validation

WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass...

9.3CVSS0.00521EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:59 a.m.15 views

CVE-2024-6125

The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it possible for...

8.1CVSS7.3AI score0.00458EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/04 12:0 a.m.4 views

PT-2024-32806 · Unknown · Lif Authentication Server

Name of the Vulnerable Software and Affected Versions: Lif Authentication Server versions prior to 1.7.3 Description: The issue is related to the account recovery system of the Lif Authentication Server, where there is no check to ensure the user has received the recovery email and entered the...

8.1CVSS7.3AI score0.00493EPSS
Exploits0References8
OSV
OSV
added 2024/06/16 4:15 p.m.5 views

CVE-2024-38468

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API...

9.8CVSS5.8AI score0.00421EPSS
Exploits0References1
CVE
CVE
added 2023/11/22 3:33 p.m.92 views

CVE-2023-2449

The CVE-2023-2449 issue concerns the WordPress UserPro plugin. Concrete details from connected sources show that versions up to 5.1.1 are affected by an unauthorized password-reset flaw due to the plugin using plaintext reset keys (userpro_process_form) instead of a hashed value, enabling misuse ...

9.8CVSS6.4AI score0.00902EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2023/09/13 12:0 a.m.5 views

WordPress plugin WP User Control security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

5.3CVSS6.8AI score0.00377EPSS
Exploits0References4
Rows per page
Query Builder