19 matches found

RedhatCVE
added 2026/06/05 7:18 p.m. · 7 views

CVE-2026-45055

CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CCSTOREURL directly from the Host request header at bootstrap, with no allowlist. The constant is embedded verbatim into transactional email links, most critically the password-reset link in...

CVSS 8.1 · AI score 5.5 · EPSS 0.00147
Exploits 0 · References 1
RedhatCVE
added 2026/06/05 7:15 p.m. · 6 views

CVE-2026-24444

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

CVSS 9.8 · AI score 5.6 · EPSS 0.00535
Exploits 0 · References 1
Positive Technologies
added 2026/05/28 12:00 a.m. · 9 views

PT-2026-44402

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9 B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

CVSS 9.8 · AI score 5.8 · EPSS 0.00535
Exploits 0 · References 3
CNNVD
added 2026/05/28 12:00 a.m. · 10 views

SDMC NE6037 trust management vulnerability

SDMC NE6037 is a wired modem produced by SDMC Corporation in China. The SDMC NE6037 cable modem routers come in versions 7.1.6.0.25 and 7.1.6.1.9B9. There are vulnerabilities related to trust management in these versions. The vulnerability stems from hard-coded passwords present in the Web...

CVSS 9.8 · AI score 5.8 · EPSS 0.00535
Exploits 0 · References 2
OSV
added 2026/03/25 7:53 p.m. · 1 view

GHSA-M99F-MMVG-3XMX AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint

Summary: The password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames and determine whether accounts are active, inactive, or banned — at scale and...

CVSS 5.3 · AI score 5.9 · EPSS 0.00278
Exploits 1 · References 4
Cvelist
added 2026/03/23 6:43 p.m. · 18 views

CVE-2026-33688 AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames a...

CVSS 5.3 · EPSS 0.00278
Exploits 1 · References 2
CVE
added 2026/02/19 12:00 a.m. · 8 views

CVE-2026-26744

FormaLMS 4.1.18 and earlier is affected by a user-enumeration flaw in the password-recovery endpoint (/lostpwd). The app returns different error messages for valid versus invalid usernames, enabling unauthenticated attackers to determine registered usernames via observable responses. The descript...

CVSS 5.3 · AI score 5.5 · EPSS 0.00293
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2026/01/26 12:00 a.m. · 3 views

Next.js security vulnerabilities

Next.js is an open-source React framework by Vercel. Next.js has a security vulnerability that stems from unlimited request body buffering and decompression being allowed in the PPR recovery endpoint. This vulnerability could lead to memory exhaustion and denial of service...

CVSS 7.5 · AI score 5.8 · EPSS 0.00363
Exploits 0 · References 1
EUVD
added 2025/12/02 9:31 p.m. · 3 views

EUVD-2025-200294

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accept unvalidated user input, which is then concatenated directly into a backend SQL query...

CVSS 6.5 · AI score 7.4 · EPSS 0.00172
Exploits 0 · References 3
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-25126

Malicious code in bioql PyPI...

CVSS 6.3 · AI score 4.8 · EPSS 0.00369
Exploits 0 · References 3
NVD
added 2025/08/18 6:15 a.m. · 7 views

CVE-2025-9109

A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the...

CVSS 6.3 · EPSS 0.00369
Exploits 0 · References 3
OSV
added 2025/08/18 6:15 a.m. · 3 views

CVE-2025-9109

A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the...

CVSS 3.7 · AI score 6.5
Exploits 0 · References 3
Cvelist
added 2025/08/18 6:02 a.m. · 13 views

CVE-2025-9109 Portabilis i-Diario Password Recovery Endpoint email observable response discrepancy

A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the...

CVSS 6.3 · EPSS 0.00369
Exploits 0 · References 3
Vulnrichment
added 2025/08/18 6:02 a.m. · 3 views

CVE-2025-9109 Portabilis i-Diario Password Recovery Endpoint email observable response discrepancy

A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the...

CVSS 6.3 · AI score 7.1 · EPSS 0.00369
Exploits 0 · References 3
CVE
added 2025/08/18 6:02 a.m. · 22 views

CVE-2025-9109

CVE-2025-9109 affects Portabilis i-Diario up to version 1.5.0, specifically the Password Recovery Endpoint at /password/email. The issue is a discrepancy in responses that can be exploited remotely, with high complexity, and an exploit has been publicly released. Multiple connected sources corrob...

CVSS 6.3 · AI score 7.1 · EPSS 0.00369
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2025/08/18 12:00 a.m. · 3 views

Portabilis i-Diário security vulnerability

Portabilis i-Diário is an open source school academic calendar and teacher interaction management system from Portabilis, Brazil. A security vulnerability exists in Portabilis i-Diário 1.5.0 and earlier versions, which stems from a difference in response time of the component Password Recovery...

CVSS 6.3 · AI score 6.8 · EPSS 0.00369
Exploits 0 · References 4
Positive Technologies
added 2025/08/18 12:00 a.m. · 6 views

PT-2025-33638 · Portabilis · Portabilis I-Diario

Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario versions prior to 1.5.1. Description: A security flaw has been discovered in Portabilis i-Diario. The vulnerability affects an unknown functionality of the file /password/email within the Password Recovery Endpoint componen...

CVSS 6.3 · AI score 4 · EPSS 0.00369
Exploits 0 · References 8
Github Security Blog
added 2025/04/08 2:50 p.m. · 12 views

Shopware 6 allows attackers to check for registered accounts through the store-api

Impact: Through the store-api it is possible as an attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-password you get the response "errors":"status":"404","code":"CHECKOUTCUSTOMERNOTFOUND","title":"Not...

CVSS 6.9 · AI score 6.2 · EPSS 0.00317
Exploits 1 · References 6 · Affected Software 2
OSV
added 2021/12/07 9:15 p.m. · 13 views

CVE-2021-36760

In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code wi...

CVSS 6.1 · AI score 6.3
Exploits 0 · References 2