CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

163 matches found

Flowise <= 3.0.5 - Account Takeover

Flowise versions 3.0.5 and earlier had a vulnerability in the forgot-password endpoint, which returned valid reset tokens without authentication—allowing attackers to reset passwords and take over accounts. id: CVE-2025-58434 info: name: Flowise = 3.0.5 - Account Takeover author:...

9.8CVSS6AI score0.32362EPSS

Exploits13References2

RedhatCVE•added 3 days ago•9 views

CVE-2026-10169

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

6.3CVSS5.1AI score0.00028EPSS

Exploits0References1

NVD•added 5 days ago•8 views

CVE-2026-10169

6.3CVSS0.00028EPSS

Exploits0References4

CVE•added 5 days ago•10 views

CVE-2026-10169

The CVE describes a weakness in the Forgot Password Endpoint of OUSL-GROUP-BrinaryBrains School Student Management System. The vulnerability affects the function ajax_forgot_password in application/controllers/Login.php, where manipulation of the email parameter enables weak password recovery. It...

6.3CVSS5.1AI score0.00028EPSS

Exploits0References4

EUVD•added 5 days ago•10 views

EUVD-2026-33489

6.3CVSS5.1AI score0.00028EPSS

Exploits0References4

Cvelist•added 5 days ago•31 views

CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery

6.3CVSS0.00028EPSS

Exploits0References4

Vulnrichment•added 5 days ago•7 views

CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery

6.3CVSS5.1AI score0.00028EPSS

Exploits0References4

Positive Technologies•added 5 days ago•8 views

PT-2026-45172

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax forgot password of the file application/controllers/Login.php of the component Forgot Password Endpoint. Th...

6.3CVSS5.1AI score0.00028EPSS

Exploits0References5

NVD•added 2026/05/28 4:16 p.m.•7 views

CVE-2026-35671

phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to...

8.8CVSS0.00044EPSS

Exploits0References2

ATTACKERKB•added 2026/05/28 2:13 p.m.•4 views

CVE-2026-35671

8.8CVSS5.8AI score0.00044EPSS

Exploits0References3

Vulnrichment•added 2026/05/28 2:13 p.m.•5 views

CVE-2026-35671 phpMyFAQ - Insecure Direct Object Reference in User Password API

8.8CVSS5.8AI score0.00044EPSS

Exploits0References2

Snyk•added 2026/05/20 3:46 p.m.•7 views

Weak Password Recovery Mechanism for Forgotten Password

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the updatePassword process. An attacker can gain unauthorized access to any user account,...

8.8CVSS5.8AI score0.00129EPSS

Exploits0References4

Vulnrichment•added 2026/05/12 9:30 p.m.•7 views

CVE-2026-44306 Statamic: Email enumeration via forgot password endpoint

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-u...

5.3CVSS5.8AI score0.00037EPSS

Exploits0References1

Packet Storm•added 2026/05/11 12:0 a.m.•42 views

📄 S2M Forgot Password Endpoint Token Exposure

This Python script demonstrates a security assessment targeting a forgot-password API endpoint in a digital payment platform operated by S2M, a company specializing in secure electronic transactions and payment processing solutions. The script sends a crafted POST request using a known email...

5.8AI score

Exploits0

EUVD•added 2026/05/10 3:31 p.m.•8 views

EUVD-2021-34812

OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick authenticated users into submitting hidden forms with new password values in the 'password' and...

5.3CVSS5.7AI score0.00025EPSS

Exploits0References3

ATTACKERKB•added 2026/05/10 12:52 p.m.•3 views

CVE-2021-47953

5.3CVSS5.7AI score0.00025EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/10 12:52 p.m.•26 views

CVE-2021-47953 OpenCart 3.0.3.7 Cross-Site Request Forgery via account/password

5.3CVSS0.00025EPSS

Exploits0References2

Vulnrichment•added 2026/05/10 12:52 p.m.•2 views

CVE-2021-47953 OpenCart 3.0.3.7 Cross-Site Request Forgery via account/password

5.3CVSS5.7AI score0.00025EPSS

Exploits0References2

Positive Technologies•added 2026/05/10 12:0 a.m.•3 views

PT-2026-39526

5.3CVSS5.7AI score0.00025EPSS

Exploits0References3

Github Security Blog•added 2026/05/06 8:54 p.m.•5 views

Statamic CMS vulnerable to email enumeration via forgot password endpoint

Impact Responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-up credential-based attacks. Patches This has been fixed in 5.73.21 and 6.15.0. The forgot...

5.3CVSS5.8AI score0.00037EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by