Total
209 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8716 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2025-04-20 | 3.3 LOW | 7.5 HIGH |
| An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials. | |||||
| CVE-2017-8385 | 1 Craftcms | 1 Craft Cms | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message. | |||||
| CVE-2015-4689 | 1 Ellucian | 1 Banner Student | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset." | |||||
| CVE-2017-2766 | 1 Emc | 1 Documentum Eroom | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-8613 | 1 Microsoft | 1 Azure Active Directory Connect | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability." | |||||
| CVE-2017-7551 | 1 Fedoraproject | 1 389 Directory Server | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. | |||||
| CVE-2015-7257 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2025-04-20 | 8.5 HIGH | 7.5 HIGH |
| ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin". | |||||
| CVE-2017-9543 | 1 Echatserver | 1 Easy Chat Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm. | |||||
| CVE-2025-31380 | 2025-04-17 | N/A | 9.8 CRITICAL | ||
| Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site allows Password Recovery Exploitation. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.11. | |||||
| CVE-2022-47377 | 1 Sick | 2 Sim2000 Firmware, Sim2000st | 2025-04-16 | N/A | 9.8 CRITICAL |
| Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible (available in SICK Support Portal). | |||||
| CVE-2020-12067 | 1 Pilz | 1 Pmc | 2025-04-14 | N/A | 7.5 HIGH |
| In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password. | |||||
| CVE-2016-5997 | 1 Ibm | 1 Tealeaf Customer Experience | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2016-2349 | 1 Bmc | 1 Remedy Action Request System | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password. | |||||
| CVE-2016-5996 | 1 Ibm | 1 Tealeaf Customer Experience | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not enforce password-length restrictions, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2024-11103 | 1 Contest-gallery | 1 Contest Gallery | 2025-04-11 | N/A | 9.8 CRITICAL |
| The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | |||||
| CVE-2022-25027 | 1 Rocketsoftware | 1 Trufusion Enterprise | 2025-04-08 | N/A | 7.5 HIGH |
| The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked. | |||||
| CVE-2025-2093 | 1 Phpgurukul | 1 Online Library Management System | 2025-04-03 | 2.1 LOW | 3.1 LOW |
| A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change-password.php. The manipulation of the argument email/phone number leads to weak password recovery. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-2862 | 1 Lg | 1 Lg Led Assistant | 2025-04-01 | N/A | 9.1 CRITICAL |
| This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. | |||||
| CVE-2025-1231 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 5.4 MEDIUM |
| Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality. | |||||
| CVE-2022-47697 | 1 Comfast Project | 2 Cf-wr623n, Cf-wr623n Firmware | 2025-03-27 | N/A | 9.8 CRITICAL |
| COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts. | |||||