48 matches found
FormaLMS 安全漏洞
FormaLMS is an open-source learning management system developed by Forma.association. It is designed to meet specific needs related to corporate training. Versions of FormaLMS prior to 4.1.18 contained a security vulnerability. This vulnerability stemmed from the password recovery function, which...
Top Password Dialup Password Recovery 安全漏洞
Top Password Dialup Password Recovery is a password recovery tool developed by Top Password Inc. Version 1.30 of Top Password Dialup Password Recovery has a security vulnerability; this vulnerability stems from a buffer overflow in the input fields, which could lead to a denial-of-service attack...
CVE-2025-4319
CVE-2025-4319 affects Birebirsoft Software and Technology Solutions Sufirmam. The issue is an improper restriction of excessive authentication attempts and a weak password recovery mechanism for forgotten passwords, enabling brute-force and password-recovery exploitation through Sufirmam versions...
CVE-2022-27582
Password recovery vulnerability in SICK SIM4000 PPC Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and there...
CVE-2025-14696
A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The attack may be...
EUVD-2016-9946
Malware in sbrugna...
EUVD-2022-32083
Malicious code in bioql PyPI...
EUVD-2023-53986
Malicious code in bioql PyPI...
EUVD-2025-11648
Malicious code in bioql PyPI...
EUVD-2022-32086
Malicious code in bioql PyPI...
EUVD-2022-32087
Malicious code in bioql PyPI...
EUVD-2024-26939
Malicious code in bioql PyPI...
CVE-2025-9013 PHPGurukul Online Shopping Portal Project password-recovery.php sql injection
A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclos...
CVE-2025-7881
A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument code leads to weak password recovery. The attack can be initiated remotely. The...
CVE-2025-7948 jshERP updatePwd password recovery
A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disclosed to the...
CVE-2025-7881
The CVE-2025-7881 entry affects Mercusys MW301R, specifically the Web Interface component of version 1.0.2 Build 190726 Rel.59423n. The root cause is manipulation of the code parameter in the Web Interface, which enables weak password recovery. The vulnerability is remote in scope and has had an ...
Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password recovery mechanism. The issue results from reliance upon a predictable value when...
CVE-2025-47646
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login & Registration: from n/a through = 1.13...
CVE-2024-5277
In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. This allows an attacker who compromises the recovery token to repeatedly change the password of a victim's account. The issue lies in the...
CVE-2023-40758
User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...