Search Vulnerabilities

Flowise - Unverified Email Change via Account Profile Endpoint

KMW CCTV Security Cameras Unverified Password Change

Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted pa...

Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass.

OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence

blueprintUE: Authenticated Password Change Does Not Verify Current Password

Navicat for Oracle 12.1.15 Password Field Denial of Service

SODOLA SL902-SWTGW124AS <= 200.1.20 Unverified Password Change

EventSentry < 6.0.1.20 Web Reports Unverified Password Change

vichan-devel vichan Password Change pages.php unverified password change

Tenda W30E V2 Allows Password Changes Without Verifying Current Password

Unverified Password Change in Weintek cMT X Series HMI EasyWeb Service

MOVEit Transfer REST API does not require current password in order to initiate the password change process

IBM Aspera Orchestrator Unverified Password Change

Ibexa User Bundle is missing password change validation

An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7

Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password

Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password

An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older ...

CWE-620: Unverified Password Change