9 matches found

CVE
added 2026/05/14 8:40 p.m., 13 views

CVE-2026-44679

CVE-2026-44679 affects Tuist. Before 1.180.10, the forgot-password flow allows an unauthenticated attacker to repeatedly trigger password-reset emails for a known account without server-side throttling, enabling potential email spamming and downstream resource consumption in self-hosted deploymen...

CVSS 6.9 | AI score 5.8 | EPSS 0.00068
Exploits: 0 | References: 1

EUVD
added 2026/05/14 8:40 p.m., 3 views

EUVD-2026-30485

Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes ...

CVSS 6.9 | AI score 5.8 | EPSS 0.00068
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/14 8:40 p.m., 7 views

CVE-2026-44679 Tuist: Forgot password flow lacks throttling for reset email delivery

Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes ...

CVSS 6.9 | AI score 5.8 | EPSS 0.00068
Exploits: 0 | References: 1

EUVD
added 2026/05/09 7:43 p.m., 4 views

EUVD-2026-28937

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...

CVSS 8.1 | AI score 5.8 | EPSS 0.00076
Exploits: 1 | References: 3

Packet Storm News
added 2026/04/13 12:00 a.m., 1 view

Totara LMS 19.1.5 Missing Rate Limiting

Totara LMS versions 19.1.5 and below have a forgot-password flow that is missing rate limiting...

AI score 5.8 | EPSS 0.00061
Exploits: 0

ATTACKERKB
added 2026/03/22 1:38 p.m., 0 views

CVE-2019-25605

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...

CVSS 8.7 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2025/10/16 12:00 a.m., 3 views

PT-2025-42471

Name of the Vulnerable Software and Affected Versions: Aggie version 2.6.1. Description: A Host Header injection flaw exists in the forgot password functionality of the software. This allows an attacker to reset a user's password. The vulnerability is present in the handling of the Host header durin...

CVSS 8.2 | AI score 5.5 | EPSS 0.00029
Exploits: 1 | References: 10

NVD
added 2025/09/10 9:15 a.m., 2 views

CVE-2025-36758

It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the 'Forgot Password' functionality as an oracle...

CVSS 6.3 | EPSS 0.0009
Exploits: 0 | References: 2

CNVD
added 2017/09/25 12:00 a.m., 2 views

PCG Travel Android App Has Logic Design Flaws

PCG Travel Android APP is a B2B2C travel service platform. PCG Travel Android APP has a logical design vulnerability. After registering, an attacker can reset any account's password by capturing packets to bypass the CAPTCHA in the forgot password function...

AI score 7.1
Exploits: 0