Astra Linux - уязвимость в python-django

A issue was discovered in Django versions 5.1.1, 5.0.9, and 4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view that implements password reset processes, allows remote attackers to enumerate user email addresses by sending password reset requests and observing the...

CVE-2026-33883 Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the user:resetpasswordform tag could render user-input directly into HTML without escaping, allowing an attacker to craft a URL that executes arbitrary JavaScript in the victim's browser. Thi...

EUVD-2019-4374

Malware in sbrugna...

EUVD-2024-54842

Malicious code in bioql PyPI...

Sielox AnyWare 安全漏洞

Sielox AnyWare is an access control system from Sielox USA. A security vulnerability exists in Sielox AnyWare version v2.1.2, which stems from an unvalidated email address field in the password reset form, which could lead to SQL injection...

CVE-2019-12791

A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form...

CVE-2024-49707

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for resetting user's password with a malicious script, what causes the script to run in user's context. This...

CVE-2024-49707 XSS in iKSORIS

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for resetting user's password with a malicious script, what causes the script to run in user's context. This...

Improper Control of Interaction Frequency

Overview goalgorilla/opensocial is a distribution for building social communities and intranets. Affected versions of this package are vulnerable to Improper Control of Interaction Frequency due to incorrect validation of flood control limits on the password reset form. Remediation Upgrade...

OESA-2024-2281 python-django security update

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize and urlizetrunc template filters are subject to a potential...

UBUNTU-CVE-2024-45231

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome only...

Security fix for the ALT Linux 9 package python3-module-django version 2.2.12-alt1

April 12, 2020 Alexey Shabalin 2.2.12-alt1 - 2.2.12 - Fixes for the following security vulnerabilities: + CVE-2019-19118 Privilege escalation in the Django admin. + CVE-2019-19844 Potential account hijack via password reset form + CVE-2020-7471 Potential SQL injection via StringAggdelimiter +...

CVE-2019-12791

A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form...

CVE-2017-5537

The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests...

Legal Robot: Password reset form ignores email field

A security researcher discovered that the password reset form disregards the email field on the reset form, relying only on the reset token to find the user. However, the email field was only used in a pre-reset validation. While the reset token provides sufficient assurance that the holder of th...

Drupal 7.x < 7.52 / 8.x < 8.2.3 Multiple Vulnerabilities

The version of Drupal running on the remote web server is 7.x prior to 7.52 or 8.x prior to 8.2.3. It is, therefore, affected by the multiple vulnerabilities : - An information disclosure vulnerability exists in the taxonomy module when using access query tags that are inconsistent with the...