
7 matches found

Cvelist
added 2026/05/30 9:29 a.m., 44 views

CVE-2026-7459 Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

CVSS 7.5 | EPSS 0.00349
Exploits: 1 | References: 12
EUVD
added 2026/03/19 6:31 p.m., 2 views

EUVD-2026-13122

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing...

CVSS 9.8 | AI score 5.9 | EPSS 0.00307
Exploits: 0 | References: 3
CVE
added 2026/02/26 10:31 p.m., 10 views

CVE-2026-28213

EverShop (TypeScript-first eCommerce platform) prior to version 2.1.1 is affected by a vulnerability in the Forgot Password flow. When a target email is specified, the API response reveals the password reset token, enabling potential account takeover. The issue affects versions before 2.1.1; upgr...

CVSS 9.8 | AI score 5.5 | EPSS 0.00446
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2025/09/13 6:26 p.m., 11 views

CVE-2025-58065

Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...

CVSS 6.5 | AI score 7.2 | EPSS 0.00376
Exploits: 0 | References: 1
Github Security Blog
added 2025/09/11 4:51 p.m., 9 views

Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods

Impact: When Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create...

CVSS 6.5 | AI score 7.2 | EPSS 0.00376
Exploits: 0 | References: 6 | Affected Software: 1
Vulnrichment
added 2025/08/13 2:8 p.m., 1 views

CVE-2025-54791 OMERO.web displays unnecessary user information when requesting to reset the password

OMERO.web provides a web-based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the web page can disclose information about the user. This issue has been...

CVSS 5.3 | AI score 6.9 | EPSS 0.00244
Exploits: 0 | References: 2
CNVD
added 2017/11/01 12:0 a.m., 4 views

Pivotal Cloud Foundry Multiple Product Design Vulnerabilities (CNVD-2017-35831)

Pivotal Cloud Foundry (PCF) Runtime cf-release and others are products of Pivotal Software, Inc. PCF is an open source Platform-as-a-Service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment. cf-release is a release of PCF. UAA i...

CVSS 9.8 | AI score 6.9 | EPSS 0.01167
Exploits: 0 | References: 1