19 matches found
EUVD-2026-23231
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message...
CVE-2026-28213
EverShop (TypeScript-first eCommerce platform) prior to version 2.1.1 is affected by a vulnerability in the Forgot Password flow. When a target email is specified, the API response reveals the password reset token, enabling potential account takeover. The issue affects versions before 2.1.1; upgr...
CVE-2025-48986
Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows a logged-in attacker to change other users' email addresses and potentially take over their accounts using the forgot password functionality...
CVE-2025-12325
CVE-2025-12325 affects SourceCodester Best Salon Management System 1.0. The vulnerability is in panel/forgot-password.php where the email parameter is manipulated to cause SQL injection. It is exploitable remotely, and the exploit has been disclosed publicly. Public sources across multiple feeds ...
EUVD-2025-33861
A weakness has been identified in Campcodes Online Apartment Visitor Management System 1.0. This impacts an unknown function of the file /forgot-password.php. This manipulation of the argument email causes SQL injection. It is possible to initiate the attack remotely. The exploit has been made...
CVE-2025-11599
Campcodes Online Apartment Visitor Management System 1.0 has a SQL injection vulnerability in /forgot-password.php triggered by manipulating the email parameter. This allows remote exploitation, with exploits publicly available per multiple sources (NVD/CVE records, Red Hat, EUVD, CNNVD, etc.). T...
EUVD-2020-29440
Malware in sbrugna...
EUVD-2020-6183
Malware in sbrugna...
EUVD-2022-4254
Malicious code in bioql PyPI...
CVE-2023-27464
A vulnerability has been identified in Mendix Forgot Password Mendix 7 compatible All versions V3.7.1, Mendix Forgot Password Mendix 8 compatible All versions V4.1.1, Mendix Forgot Password Mendix 9 compatible All versions V5.1.1. The affected versions of the module contain an observable response...
CVE-2022-30332
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of...
CVE-2009-1075
Sun Java System Identity Manager IdM 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...
PT-2025-21846 · Unknown · Campcodes Online Shopping Portal
Name of the Vulnerable Software and Affected Versions: Campcodes Online Shopping Portal version 1.0. Description: A critical issue has been identified, affecting the /forgot-password.php file, where manipulation of the email argument leads to SQL injection. This can be initiated remotely...
CVE-2025-32993
Vision Helpdesk through 5.7.0 allows Time-Based Blind SQL injection via the Forgot Password aka index.php?/home/forgot-password visusername parameter. Authentication is not needed...
ArrowJS CMS security vulnerability
ArrowJS CMS is a CMS based on the ArrowJS framework by individual developer Trần Quốc Cường. A security vulnerability exists in ArrowJS CMS version 1.0.0, which originates from a host header injection issue in the forgot password feature. By sending a specially crafted host header in the forgot...
CVE-2024-24720
An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system...
CVE-2023-3458
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file forgot-password.php. The manipulation of the argument contact leads to SQL injection. The attack can be launched remotely. The...
CVE-2021-28293
Seceon aiSIEM before 6.3.2 build 585 is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via the password reset functionality, and thus an unauthenticated attacker ca...