Lucene search
+L

48 matches found

CNNVD
CNNVD
added 2026/02/19 12:0 a.m.7 views

FormaLMS 安全漏洞

FormaLMS is an open-source learning management system developed by Forma.association. It is designed to meet specific needs related to corporate training. Versions of FormaLMS prior to 4.1.18 contained a security vulnerability. This vulnerability stemmed from the password recovery function, which...

5.3CVSS5.8AI score0.00293EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.8 views

Top Password Dialup Password Recovery 安全漏洞

Top Password Dialup Password Recovery is a password recovery tool developed by Top Password Inc. Version 1.30 of Top Password Dialup Password Recovery has a security vulnerability; this vulnerability stems from a buffer overflow in the input fields, which could lead to a denial-of-service attack...

7.5CVSS6.1AI score0.00282EPSS
Exploits0References3
CVE
CVE
added 2026/01/23 12:23 p.m.20 views

CVE-2025-4319

CVE-2025-4319 affects Birebirsoft Software and Technology Solutions Sufirmam. The issue is an improper restriction of excessive authentication attempts and a weak password recovery mechanism for forgotten passwords, enabling brute-force and password-recovery exploitation through Sufirmam versions...

9.4CVSS5.4AI score0.00369EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:49 a.m.9 views

CVE-2022-27582

Password recovery vulnerability in SICK SIM4000 PPC Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and there...

9.8CVSS7.6AI score0.01235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/16 1:32 a.m.17 views

CVE-2025-14696

A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The attack may be...

6.9CVSS6.6AI score0.00286EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2016-9946

Malware in sbrugna...

5.3CVSS5.9AI score0.0143EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-32083

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.01235EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-53986

Malicious code in bioql PyPI...

8.6CVSS8.2AI score0.00329EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-11648

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.005EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-32086

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.01235EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-32087

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.01235EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-26939

Malicious code in bioql PyPI...

6.8CVSS6.6AI score0.00411EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/15 6:2 a.m.14 views

CVE-2025-9013 PHPGurukul Online Shopping Portal Project password-recovery.php sql injection

A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclos...

7.5CVSS0.00403EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/07/22 9:53 a.m.10 views

CVE-2025-7881

A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument code leads to weak password recovery. The attack can be initiated remotely. The...

5.1CVSS7.3AI score0.00282EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/22 1:4 a.m.15 views

CVE-2025-7948 jshERP updatePwd password recovery

A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disclosed to the...

5.3CVSS0.00357EPSS
Exploits1References4
CVE
CVE
added 2025/07/20 9:44 a.m.33 views

CVE-2025-7881

The CVE-2025-7881 entry affects Mercusys MW301R, specifically the Web Interface component of version 1.0.2 Build 190726 Rel.59423n. The root cause is manipulation of the code parameter in the Web Interface, which enables weak password recovery. The vulnerability is remote in scope and has had an ...

5.1CVSS4AI score0.00282EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2025/06/19 12:0 a.m.7 views

Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password recovery mechanism. The issue results from reliance upon a predictable value when...

9.8CVSS6.8AI score0.3072EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/25 1:19 p.m.15 views

CVE-2025-47646

Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login & Registration: from n/a through = 1.13...

9.8CVSS7.2AI score0.21914EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:33 a.m.6 views

CVE-2024-5277

In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. This allows an attacker who compromises the recovery token to repeatedly change the password of a victim's account. The issue lies in the...

7.5CVSS7.5AI score0.00353EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:14 a.m.10 views

CVE-2023-40758

User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...

9.8CVSS7AI score0.00746EPSS
Exploits0
Rows per page
Query Builder