Lucene search
K

356 matches found

Cvelist
Cvelist
added 2026/06/24 5:33 a.m.33 views

CVE-2026-12416 Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter

The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due to the pravelinvoicechangepassword function being registered as a nopriv AJAX handler with no nonce verification and no authorization check, and...

9.8CVSS0.00364EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/24 5:33 a.m.8 views

EUVD-2026-38679

The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, and including, 1.0.0. This is due to the pravelchangepassword AJAX handler — registered via wpajaxnoprivpravelchangepassword and...

9.8CVSS5.9AI score0.00454EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.12 views

PT-2026-48717

Name of the Vulnerable Software and Affected Versions PenguinMod-BackendApi versions prior to 1.0.0 Description A NoSQL injection—a method of attacking non-relational databases by manipulating queries—exists in the password reset endpoint. This allows an authenticated user with a registered accou...

8.7CVSS5.2AI score0.00251EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/02 6:30 p.m.30 views

CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS0.00419EPSS
Exploits3References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

WordPress plugin Kirki – Freeform Page Builder, Website Builder & Customizer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS5.5AI score0.0126EPSS
Exploits4References8
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

WordPress plugin ARMember Premium 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS5.5AI score0.00419EPSS
Exploits3References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

e107 安全漏洞

e107 is a set of open-source, free content management systems CMS developed by the E107 team. It is built using PHP and MySQL. This system supports various plugins and theme options, making it suitable for use as a personal blog, discussion community, or archive database. Versions of e107 prior t...

8.1CVSS5.8AI score0.00297EPSS
Exploits0References4
NVD
NVD
added 2026/05/18 4:16 p.m.12 views

CVE-2026-36438

An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via password reset functionality under /OutsideCmd...

5.3CVSS0.00349EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.25 views

PT-2026-38284

Name of the Vulnerable Software and Affected Versions wger versions prior to 2.6 Description An authorization bypass exists in the reset user password and gym permissions user edit views. The system performs a gym-scope authorization check using a Python object comparison that evaluates None !=...

9.9CVSS5.8AI score0.00371EPSS
Exploits0References11
GithubExploit
GithubExploit
added 2026/04/18 9:59 a.m.151 views

Exploit for CVE-2025-15030

CVE-2025-15030 User Profile Builder 3.15.2 - Unauthentica...

9.8CVSS5.8AI score0.00487EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.6 views

PT-2026-33119

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset endpoint /api/v1/@apostrophecms/login/reset-request that allows unauthenticated username and email enumeration. When a user is not found,...

3.7CVSS5.8AI score0.00365EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/14 8:40 a.m.4 views

EUVD-2026-22236

A vulnerability has been identified in SINEC NMS All versions V4.0 SP3. Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the...

8.8CVSS5.9AI score0.00453EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.6 views

Siemens SINEC NMS 安全漏洞

Siemens SINEC NMS is a network management system developed by Siemens in Germany. This system can be used for round-the-clock centralized monitoring, management, and configuration of industrial networks containing tens of thousands of devices, including those related to security applications...

8.8CVSS7.3AI score0.00453EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/13 9:31 a.m.2 views

EUVD-2026-21883

The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/13 6:31 a.m.31 views

CVE-2026-40436 ZTE ZXEDM iEMS product has a password reset vulnerability

The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the...

7.1CVSS0.00191EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.8 views

PT-2026-32281

The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/04/12 4:52 p.m.241 views

Exploit for Missing Authentication for Critical Function in Flowiseai Flowise

CVE-2025-58434 — Flowise Account Takeover via Token Disclosure...

9.8CVSS6AI score0.50118EPSS
Exploits14
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31070

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

4.1CVSS5.9AI score0.0021EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/27 2:24 p.m.4 views

CVE-2021-27704

Appspace 6.2.4 is affected by Incorrect Access Control via the Appspace Web Portal password reset page...

6.5CVSS7.2AI score0.0039EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/22 1:38 p.m.3 views

CVE-2019-25605 EquityPandit 1.0 Insecure Logging Information Disclosure

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...

8.7CVSS5.8AI score0.00273EPSS
Exploits0References3
Rows per page
Query Builder