WordPress plugin LatePoint 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-35507

Shynet before 0.14.0 allows Host header injection in the password reset flow...

CVE-2020-7962

An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is...

EUVD-2018-18634

Malware in sbrugna...

EUVD-2020-0493

Malware in sbrugna...

EUVD-2018-10931

Malware in sbrugna...

EUVD-2025-6805

Malicious code in bioql PyPI...

EUVD-2024-54603

Malicious code in bioql PyPI...

CVE-2025-8310

Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the password...

ZITADEL 输入验证错误漏洞

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era from the Swiss ZITADEL open source. An input validation error vulnerability exists in ZITADEL versions prior to 3.2.2, which stems from a possible manipulation...

CVE-2024-38287

The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value...

CVE-2020-18124

A cross-site request forgery CSRF vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords...

CVE-2025-1570

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directoristgeneratepasswordresetpincode and resetuserpassword functions...

CVE-2025-26341

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests...

CVE-2024-12771 eCommerce Product Catalog Plugin for WordPress <= 3.3.43 - Cross-Site Request Forgery to Password Reset

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customerpanelpasswordreset' function. This makes it possible for...

Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software

Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller BMC software, nearly two months after three security vulnerabilities were brought to light in the same product. Firmware security firm Eclypsium said the two shortcomings were held back until n...

Huaxia ERP has a logic flaw vulnerability (CNVD-2021-23371)

Huaxia ERP based on SpringBoot framework , SaaS model , for small and medium-sized enterprises to provide open source ERP software , currently focusing on sales and inventory + financial functions . There is a logic flaw vulnerability in Huaxia ERP. An attacker can use this vulnerability to reset...

Unspecified Vulnerability in Progress Sitefinity CMS

Progress Sitefinity is an open source platform for building corporate websites and intranets. A security vulnerability exists in Progress Sitefinity version 12.1, which stems from the program's use of a weak password recovery mechanism when retrieving passwords. The vulnerability can be exploited...

CVE-2018-6889

An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability, Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user re-direction...

MetalGenix GeniXCMS 'forgotpassword.php' File Denial of Service Vulnerability

MetalGenix GeniXCMS is a PHP-based content management system and framework CMSF from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A security vulnerability exists in the forgotpassword.php file in MetalGenix GeniXCMS version 1.0.2. A...