Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An authenticated user attempting to change their password could do so without using the current password.
A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.
An authenticated user without user administrative permissions could change the administrator Account Name.
An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS
The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information.
CVE-2025-1107
CRITICAL CVSS 9.9
Find Similar
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To expl
CVE-2022-50981
CRITICAL CVSS 9.8
Find Similar
An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.
CVE-2024-48887
CRITICAL CVSS 9.8
Find Similar
A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request
An unauthenticated user could discover account credentials via a brute-force attack without rate limiting
CVE-2025-4558
CRITICAL CVSS 9.3
Find Similar
The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system
Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1
Users who were required to change their password could still access system information before changing their password
An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password.
An authenticated user without user-management permissions could view other users account information.
CVE-2025-41715
CRITICAL CVSS 9.8
Find Similar
The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.
A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands.
Page 1+ Next →