32 matches found
CVE-2026-13020
CVE-2026-13020 affects Esri Portal for ArcGIS up to version 12.1 on Windows, Linux, and Kubernetes. A weak password-recovery mechanism lets a remote, unauthenticated attacker potentially take ownership of a user account by manipulating the recovery flow. The vulnerability’s impact is described as...
EUVD-2026-42057
A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...
CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery
A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...
FoxCMS 授权问题漏洞
FoxCMS is a content management system provided by FoxCMS Company in China, available for free commercial use and open source. Versions of FoxCMS 1.2.6 and earlier have a licensing issue vulnerability, which stems from a weak password recovery vulnerability in the Edit function of the Admin.php fi...
CVE-2026-9466
A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery. The attack can be executed remotel...
Weak Password Recovery Mechanism for Forgotten Password
Overview Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password in the password recovery flow. An attacker can gain unauthorized access to user accounts by exploiting insufficient input validation of the origin of the password reset request...
Weak Password Recovery Mechanism for Forgotten Password
Overview @evershop/evershop is a The React Ecommerce platform. Built with React and Postgres. Open-source and free. Fast and customizable. Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password. An attacker can gain unauthorized access to...
GHSA-FMR2-M7GC-577W funadmin has Weak Password Recovery Mechanism for Forgotten Password
A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...
funadmin has Weak Password Recovery Mechanism for Forgotten Password
A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...
CVE-2026-2895 funadmin Member.php repass password recovery
A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...
CVE-2026-2895 funadmin Member.php repass password recovery
A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...
CVE-2025-4320
CVE-2025-4320 concerns an authentication bypass caused by a weak password recovery mechanism in Sufirmam, a product of Birebirsoft Software and Technology Solutions. The issue allows bypass of authentication and potential password-recovery exploitation, affecting Sufirmam through version 23012026...
CVE-2025-4320 Information Disclosure in Birebirsoft's Sufirmam
Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor...
PT-2026-4353
Name of the Vulnerable Software and Affected Versions Sufirmam versions through 23012026 Description A weakness in the password recovery mechanism allows for authentication bypass and password recovery exploitation in Sufirmam. The vendor was contacted regarding this issue but did not respond...
CVE-2025-53704
CVE-2025-53704 concerns the MAXHUB Pivot client application, where the password reset mechanism is weak and may allow an attacker to take over an account. Multiple sources (NVD, Red Hat, EUVD, CVE List, and CISA ICS advisory ICSA-25-338-02) describe the issue as a weak password reset causing pote...
CVE-2025-13565
CVE-2025-13565 affects SourceCodester Inventory Management System 1.0. The weakness is in /model/user/resetPassword.php, where manipulation of an unknown function can enable weak password recovery. The vulnerability is exploitable remotely and a public exploit exists. Impact is indicated as weak ...
EUVD-2025-38730
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password...
AutomationDirect Productivity Suite 授权问题漏洞
AutomationDirect Productivity Suite is a programmable logic controller programming software from AutomationDirect. An authorization issue vulnerability exists in AutomationDirect Productivity Suite version v4.4.1.19, which stems from a weak password recovery mechanism that allows an attacker to...
EUVD-2019-16119
Malware in sbrugna...
CVE-2025-41251
VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: Username enumeration → credential brute force risk. Attack Vector: Remote, unauthenticated...