13 matches found
EUVD-2026-28870
SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled (not the default), they can res...
PT-2026-39211
Name of the Vulnerable Software and Affected Versions: SysReptor versions prior to 2026.29
Description: Users with "User Admin" permissions can modify the email addresses of users with "Superuser" permissions. When the "Forgot Password" functionality is enabled, these users can reset Superuser...
Improper Encoding or Escaping of Output
Overview: Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the forgot password process. An attacker can gain unauthorized access to user accounts by manipulating the Host header to inject a custom domain into the password reset link sent to users...
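The Host header problem above comes down to where the application gets the scheme and host for the reset link. The following is an added illustration, not code from the affected package or from the advisory source: a vulnerable link builder that trusts the request's Host (or X-Forwarded-Host) header, beside a hardened one that derives the base URL from server-side configuration and only honours the request host when it is on an explicit allow-list. The host names, configuration values and header dictionaries are constructed for the example.

```python
# Added example (not the vulnerable package's code): password-reset link
# construction from the Host header versus from server-side configuration.
from urllib.parse import quote, urlparse

# Hypothetical deployment configuration, constructed for this example.
CANONICAL_BASE_URL = "https://app.example.com"
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}


def vulnerable_reset_link(request_headers: dict, token: str) -> str:
    """Vulnerable: scheme and host are taken straight from the request.

    A client that sends `Host: evil.example` (or `X-Forwarded-Host` through a
    proxy that forwards it unchecked) makes the victim's e-mail carry a link
    to the attacker's domain; the reset token leaks when the victim clicks it.
    """
    host = request_headers.get("X-Forwarded-Host") or request_headers["Host"]
    return f"https://{host}/reset?token={quote(token, safe='')}"


def hardened_reset_link(request_headers: dict, token: str) -> str:
    """Hardened: the link base comes from configuration, never from headers.

    Multi-host deployments that really need the request host must check it
    against an explicit allow-list; anything else falls back to the canonical
    URL (rejecting the request outright is an equally valid choice).
    X-Forwarded-Host is deliberately ignored here.
    """
    host = request_headers.get("Host", "")
    hostname = host.split(":", 1)[0].lower()      # drop any port, normalise case
    base = f"https://{hostname}" if hostname in ALLOWED_HOSTS else CANONICAL_BASE_URL
    return f"{base}/reset?token={quote(token, safe='')}"


def link_host_is_trusted(link: str) -> bool:
    """Check a generated link: the kind of assertion a test suite should make."""
    return urlparse(link).hostname in ALLOWED_HOSTS


if __name__ == "__main__":
    attacker_headers = {"Host": "evil.example"}   # constructed request
    print(vulnerable_reset_link(attacker_headers, "tok"))
    print(hardened_reset_link(attacker_headers, "tok"))
```

Two points are worth checking in a real deployment: that the reverse proxy does not forward a client-supplied X-Forwarded-Host unchanged, and that the framework's own allowed-hosts setting (most web frameworks have one) is configured, since the hardened builder above is only as good as its allow-list.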
CVE-2024-34582
Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi useridchange XSS within the Forgot Password feature...
EUVD-2022-52275
Malicious code in bioql PyPI...
CVE-2023-51323
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Shared Asset Booking System v1.0 allows attackers to send an excessive amount of email to a legitimate user, leading to a possible Denial of Service (DoS) via a large number of generated e-mail messages...
CVE-2023-51316
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1.1 allows attackers to send an excessive amount of email to a legitimate user, leading to a possible Denial of Service (DoS) via a large number of generated e-mail messages...
CVE-2023-51339
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Event Ticketing System v1.0 allows attackers to send an excessive amount of email to a legitimate user, leading to a possible Denial of Service (DoS) via a large number of generated e-mail messages...
Liferay Portal and Liferay DXP insecure default configuration
Insecure default configuration in the portal services implementation before 5.11.0 in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email addresses via the forgot password functionality. The portal property login.secure.forgot.password should ...
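The three PHPJabbers entries (mailbox flooding through an unlimited reset endpoint) and the Liferay entry (confirming which addresses have accounts) are two failure modes of the same handler. The following is an added example and is not code from PHPJabbers, Liferay or any of the listed products: a forgot-password handler that caps reset e-mails per target account and per client address, and returns an identical response whether or not the address is registered. The user store, outbox, limits and client addresses are constructed for the example; a real deployment would back the limiter with shared storage and use a monotonic clock instead of the explicit `now` argument.

```python
# Added example (not any listed vendor's code): a forgot-password handler
# with per-account and per-source rate limits and a uniform response.
import secrets
from collections import deque

# Constructed stand-ins for a user database and a mail transport.
USERS = {"alice@example.com": {"id": 1}, "bob@example.com": {"id": 2}}
OUTBOX: list[tuple[str, str]] = []          # (recipient, token) pairs "sent"

GENERIC_RESPONSE = "If that address is registered, a reset link has been sent."


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key.

    Time is passed in explicitly so the behaviour is deterministic; in
    production use time.monotonic() and store the windows in shared storage
    (e.g. a cache) so the limit holds across application instances.
    """

    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self._events: dict[str, deque] = {}

    def allow(self, key: str, now: float) -> bool:
        q = self._events.setdefault(key, deque())
        while q and now - q[0] >= self.window:  # expire events outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


# Hypothetical limits: the per-account cap stops flooding one victim's mailbox;
# the per-source cap stops one client from spraying many addresses.
per_account = SlidingWindowLimiter(limit=3, window=3600)
per_source = SlidingWindowLimiter(limit=10, window=3600)


def request_password_reset(email: str, client_ip: str, now: float) -> str:
    """Handle a 'Forgot Password' submission.

    Every path returns GENERIC_RESPONSE, so the response text never reveals
    whether `email` belongs to an account. The per-account limiter is applied
    regardless of whether the address exists, keeping the code path uniform.
    """
    email = email.strip().lower()
    if not per_source.allow(client_ip, now):
        return GENERIC_RESPONSE
    if not per_account.allow(email, now):
        return GENERIC_RESPONSE
    if email in USERS:
        token = secrets.token_urlsafe(32)   # unguessable, single-use in practice
        OUTBOX.append((email, token))       # stands in for sending the mail
    return GENERIC_RESPONSE


def reset_mails_sent_to(email: str) -> int:
    """How many reset mails the fake outbox holds for `email` (for checks)."""
    return sum(1 for recipient, _ in OUTBOX if recipient == email.lower())


if __name__ == "__main__":
    for t in range(5):   # five rapid requests for one account: only 3 mails go out
        print(request_password_reset("alice@example.com", "198.51.100.7", now=float(t)))
    print("mails to alice:", reset_mails_sent_to("alice@example.com"))
```

Two caveats a practitioner would want: response uniformity also has to hold for response timing and HTTP status, not only the message text (the lookup and token generation above still take slightly different paths), and the per-account limit must be keyed on the normalised address so that case or whitespace variants do not bypass it.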
Terramaster TOS Authorization Issues Vulnerability
Terramaster TOS is a Linux-based operating system dedicated to the TerraMaster Cloud Storage NAS server from Shenzhen Tumi Electronic Technology (Terramaster) in China. An authorization issue vulnerability exists in TerraMaster TOS version 4.2.06 and prior versions, which originates from email...
CVE-2019-9059
An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password" feature...
Geeklog 1.3.8 - Forgot Password SQL Injection
source: https://www.securityfocus.com/bid/8849/info
An SQL injection vulnerability has been reported in the Geeklog "forgot password" feature introduced in Geeklog 1.3.8. Due to insufficient sanitization of user-supplied input, it is possible for remo...