Astra Linux - vulnerability in python-django
An issue was discovered in Django versions 5.1.1, 5.0.9, and 4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view that implements password reset processes, allows remote attackers to enumerate user email addresses by sending password reset requests and observing the...
CVE-2026-33883 Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the user:resetpasswordform tag could render user-input directly into HTML without escaping, allowing an attacker to craft a URL that executes arbitrary JavaScript in the victim's browser. Thi...
PT-2026-28550
Name of the Vulnerable Software and Affected Versions: Statamic versions prior to 5.73.16; Statamic versions prior to 6.7.2. Description: The user:reset password form tag does not properly escape user-supplied input before rendering it as HTML, potentially allowing an attacker to inject and execute...
EUVD-2019-4374
Malware in sbrugna...
EUVD-2024-54842
Malicious code in bioql PyPI...
CVE-2025-10204
A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to chang...
CVE-2025-10204 Unauth Admin Reset Password on AC Smart II
A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to chang...
PT-2025-37410
Name of the Vulnerable Software and Affected Versions: AC Smart II, affected versions not specified. Description: A vulnerability exists in AC Smart II that allows unauthorized password changes. A hidden form for resetting the administrator password is present on a page, which can be manipulated usin...
Sielox AnyWare security vulnerability
Sielox AnyWare is an access control system from Sielox USA. A security vulnerability exists in Sielox AnyWare version v2.1.2, which stems from an unvalidated email address field in the password reset form, which could lead to SQL injection...
CVE-2019-12791
A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form...
CVE-2024-49707
Internet Starter, one of the SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling in a password reset form with a malicious script, which causes the script to run in the user's context. This...
CVE-2024-49707 XSS in iKSORIS
Internet Starter, one of the SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling in a password reset form with a malicious script, which causes the script to run in the user's context. This...
Improper Control of Interaction Frequency
Overview: goalgorilla/opensocial is a distribution for building social communities and intranets. Affected versions of this package are vulnerable to Improper Control of Interaction Frequency due to incorrect validation of flood control limits on the password reset form. Remediation: Upgrade...
OESA-2024-2281 python-django security update
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize and urlizetrunc template filters are subject to a potential...
UBUNTU-CVE-2024-45231
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome only...
CVE-2024-0428
The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'resetform' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a...
Security fix for the ALT Linux 9 package python3-module-django version 2.2.12-alt1
April 12, 2020 Alexey Shabalin 2.2.12-alt1 - 2.2.12 - Fixes for the following security vulnerabilities: + CVE-2019-19118 Privilege escalation in the Django admin. + CVE-2019-19844 Potential account hijack via password reset form. + CVE-2020-7471 Potential SQL injection via StringAgg(delimiter). +...
Foxit Reader and Foxit PhantomPDF for Windows Information Disclosure Vulnerability (CNVD-2019-13819)
Foxit Reader and Foxit PhantomPDF are PDF document readers from the Chinese company Foxit. A security vulnerability exists in the resetForm method of Foxit Reader 9.4.1.16828 and earlier, Foxit PhantomPDF 8.3.9.41099 and earlier, and Foxit PhantomPDF 9.4.1.16828 and earlier for Windows...
CVE-2017-3014
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, and 15.023.20070 and earlier have an exploitable use-after-free vulnerability in XML Forms Architecture (XFA) related to reset form functionality. Successful exploitation could lead to arbitrary code execution...