17 matches found
CVE-2026-35676 phpMyFAQ - Unauthenticated Password Reset via User Password Update Endpoint
phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sendin...
GO-2026-4475 File Browser has an Authentication Bypass in User Password Update in github.com/filebrowser/filebrowser
File Browser has an Authentication Bypass in User Password Update in github.com/filebrowser/filebrowser...
CVE-2023-47350
Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0 allows remote attackers to escalate privileges via the user password update functionality...
WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw
WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system and...
CVE-2022-3930 Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own...
GHSA-8Q2M-PWXF-JC7G python-keystoneclient unsecure user password update
The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process...
CVE-2013-2013
The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process...
PYSEC-2013-24
The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process...
Fedora 18 : python-keystoneclient-0.2.0-2.fc18 (2013-13900)
Allow secure user password update. CVE-2013-2013 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 19 : python-keystoneclient-0.2.3-7.fc19 (2013-14302)
Selective backports from stable/grizzly : - Ec2Signer: Initial support for v4 signature verification. - Allow signature verification for older boto versions. - Default signingdir to secure temp dir. - Fix memcache encryption middleware. CVE-2013-2166, CVE-2013-2167 - Check token expiry...
DVBBS7.1 SQL Edition cross-database vulnerability - vulnerability warning - the black bar safety net
Author: Gui brother. Article source: www.54nb.cn. Vulnerability test environment: DVBBS7.1 SQL. Affected files: admin/admin.asp ..... Exploit select @@version0 to obtain the Windows version number and username='dbo' determine the current system user is not sa select username0 proof the current syste...