11 matches found
CVE-2026-33707 Weak Password Recovery Mechanism for Forgotten Password in chamilo/chamilo-lms
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the...
CVE-2025-15398
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...
CVE-2025-53704
The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account...
CVE-2025-53704 MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten Password
The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account...
CVE-2025-60954
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...
CVE-2021-36171
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame...
Milesight 4K/H.265 Series Authorization Issue Vulnerability
Milesight 4K/H.265 Series is a series of network cameras from the Chinese company Milesight. The Milesight 4K/H.265 Series suffers from a security vulnerability that stems from a weak password reset mechanism. A remote attacker could exploit the vulnerability to take over an account by sending a...
PT-2023-14726 · Bofei · Bofei Dbd+ Application
Name of the Vulnerable Software and Affected Versions: BOFEI DBD+ Application for IOS & Android version 1.4.4 Description: An insecure password reset issue was discovered in the BOFEI DBD+ Application for IOS & Android service due to an insecure expiry mechanism. Recommendations: For version 1.4....
PT-2022-7248 · Apsystems · Apsystems Energy Communication Unit (Ecu-C) Power Control
Name of the Vulnerable Software and Affected Versions: APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software versions V3.11.4, V4.1NA, V4.1SAA, W2.1NA, C1.2.2 Description: An access control issue in the APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software allows attackers t...
Fortinet FortiPortal Security Feature Issue Vulnerability
Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for use by MSPs. versions, a security feature issue vulnerability exists that stems from the use o...
EMC Data Domain Insecure Password Reset Vulnerability
EMC Data Domain systems are data protection storage solutions. EMC Data Domain versions 5.4, 5.5, 5.6, and 5.7 have a security vulnerability that could allow users to change their passwords without having to provide their current passwords, or even change the passwords of other users in the same...