Lucene search
K

32 matches found

CVE
CVE
added 2026/07/07 4:39 p.m.9 views

CVE-2026-13020

CVE-2026-13020 affects Esri Portal for ArcGIS up to version 12.1 on Windows, Linux, and Kubernetes. A weak password-recovery mechanism lets a remote, unauthenticated attacker potentially take ownership of a user account by manipulating the recovery flow. The vulnerability’s impact is described as...

9.8CVSS6AI score0.00234EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/07 4:39 p.m.7 views

EUVD-2026-42057

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...

8.1CVSS6AI score0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/31 4:45 a.m.12 views

CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

6.3CVSS5.1AI score0.00286EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

FoxCMS 授权问题漏洞

FoxCMS is a content management system provided by FoxCMS Company in China, available for free commercial use and open source. Versions of FoxCMS 1.2.6 and earlier have a licensing issue vulnerability, which stems from a weak password recovery vulnerability in the Edit function of the Admin.php fi...

5.8CVSS5.8AI score0.00223EPSS
Exploits0References5
NVD
NVD
added 2026/05/25 4:16 p.m.17 views

CVE-2026-9466

A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery. The attack can be executed remotel...

6.9CVSS0.00352EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/01 4:8 p.m.6 views

Weak Password Recovery Mechanism for Forgotten Password

Overview Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password in the password recovery flow. An attacker can gain unauthorized access to user accounts by exploiting insufficient input validation of the origin of the password reset request...

9.3CVSS5.9AI score0.00306EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/27 3:21 a.m.6 views

Weak Password Recovery Mechanism for Forgotten Password

Overview @evershop/evershop is a The React Ecommerce platform. Built with React and Postgres. Open-source and free. Fast and customizable. Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password. An attacker can gain unauthorized access to...

9.8CVSS5.9AI score0.00446EPSS
Exploits0References2
OSV
OSV
added 2026/02/22 12:31 a.m.7 views

GHSA-FMR2-M7GC-577W funadmin has Weak Password Recovery Mechanism for Forgotten Password

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

6.3CVSS4.7AI score0.00392EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/02/22 12:31 a.m.9 views

funadmin has Weak Password Recovery Mechanism for Forgotten Password

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

8.1CVSS4.6AI score0.00392EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/21 11:2 p.m.7 views

CVE-2026-2895 funadmin Member.php repass password recovery

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

6.3CVSS4.2AI score0.00392EPSS
Exploits1References5
OSV
OSV
added 2026/02/21 11:2 p.m.5 views

CVE-2026-2895 funadmin Member.php repass password recovery

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

6.3CVSS5.2AI score0.00392EPSS
Exploits1References7
CVE
CVE
added 2026/01/23 12:26 p.m.32 views

CVE-2025-4320

CVE-2025-4320 concerns an authentication bypass caused by a weak password recovery mechanism in Sufirmam, a product of Birebirsoft Software and Technology Solutions. The issue allows bypass of authentication and potential password-recovery exploitation, affecting Sufirmam through version 23012026...

10CVSS5.4AI score0.0046EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/23 12:26 p.m.38 views

CVE-2025-4320 Information Disclosure in Birebirsoft's Sufirmam

Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor...

10CVSS0.0046EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.10 views

PT-2026-4353

Name of the Vulnerable Software and Affected Versions Sufirmam versions through 23012026 Description A weakness in the password recovery mechanism allows for authentication bypass and password recovery exploitation in Sufirmam. The vendor was contacted regarding this issue but did not respond...

10CVSS5.9AI score0.0046EPSS
Exploits0References5
CVE
CVE
added 2025/12/04 9:44 p.m.35 views

CVE-2025-53704

CVE-2025-53704 concerns the MAXHUB Pivot client application, where the password reset mechanism is weak and may allow an attacker to take over an account. Multiple sources (NVD, Red Hat, EUVD, CVE List, and CISA ICS advisory ICSA-25-338-02) describe the issue as a weak password reset causing pote...

8.7CVSS6.7AI score0.00257EPSS
Exploits0References3
CVE
CVE
added 2025/11/23 7:2 p.m.11 views

CVE-2025-13565

CVE-2025-13565 affects SourceCodester Inventory Management System 1.0. The weakness is in /model/user/resetPassword.php, where manipulation of an unknown function can enable weak password recovery. The vulnerability is exploitable remotely and a public exploit exists. Impact is indicated as weak ...

9.1CVSS6.3AI score0.00423EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/11/10 2:45 a.m.4 views

EUVD-2025-38730

EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password...

9.8CVSS6.6AI score0.00508EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/23 12:0 a.m.4 views

AutomationDirect Productivity Suite 授权问题漏洞

AutomationDirect Productivity Suite is a programmable logic controller programming software from AutomationDirect. An authorization issue vulnerability exists in AutomationDirect Productivity Suite version v4.4.1.19, which stems from a weak password recovery mechanism that allows an attacker to...

7.3CVSS6.8AI score0.0013EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-16119

Malware in sbrugna...

9.1CVSS9.3AI score0.01102EPSS
Exploits0References2
NVD
NVD
added 2025/09/29 7:15 p.m.6 views

CVE-2025-41251

VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: Username enumeration → credential brute force risk. Attack Vector: Remote, unauthenticated...

8.1CVSS0.01022EPSS
Exploits0References1
Rows per page
Query Builder