Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remot
A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to brute-force user PINs via multi
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information
Weak Authentication vulnerability in Drupal Email TFA allows Brute Force.This issue affects Email TFA: from 0.0.0 before 2.0.3.
QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.This issue affects Material Dashboard: from n/a through <= 1.4.6.
Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery.
Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.
Improper access control in some Intel(R) GPA software before version 2024.3 may allow an authenticated user to potentially enable denial of service via local access.
Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 upd
An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges.
If a logged-in user with re
In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.
Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through
Weak Password Requirements vulnerability in Apache Fineract.
This issue affects Apache Fineract: through 1.10.1. The issue is fixed in version 1.11.0.
Users are encouraged to upgrade to version 1.13
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing t
CWE-918 Server-Side Request Forgery (SSRF)
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441
Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web ses