CVE-2025-64349
🔴 HIGHELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By defaul...
Description
Request Expert ReviewELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration.
CVSS Scores
References
Additional Information
- Source
- 9119a7d8-5eab-497f-8521-727c672e3725
- State
- Undergoing analysis
Related CVEs
CVE-2025-4522
MEDIUMThe IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin...
CVE-2025-4519
HIGHThe IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capabili...
CVE-2025-12352
CRITICALThe Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function i...
CVE-2025-64323
MEDIUMkgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any cl...
CVE-2025-64184
HIGHDosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from dif...
CVE-2025-64180
CRITICALManager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorize...
Share CVE-2025-64349
Share on Social Media
Copy Link
Embed Code
Request Expert Analysis
Request a professional security analysis for CVE-2025-64349 from our verified experts.
Credits System
Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!