PT-2026-32683

A Broken Object-Level Authorization BOLA in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request...

CVE-2026-38529

A Broken Object-Level Authorization BOLA in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request...

EUVD-2019-6569

Malware in sbrugna...

EUVD-2025-4153

Malicious code in bioql PyPI...

EUVD-2024-45513

Malicious code in bioql PyPI...

EUVD-2024-17273

Malicious code in bioql PyPI...

CVE-2025-47713

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume...

CVE-2025-5482 Sunshine Photo Cart <= 3.4.11 - Authenticated (Subscriber+) Privilege Escalation

The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for...

CVE-2025-47276

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems OS. Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like Yescript/Argon2i. All Actualizer...

CVE-2020-27869

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the...

CVE-2024-51714

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in techdabang User Password Reset user-password-reset allows Reflected XSS.This issue affects User Password Reset: from n/a through = 1.0...

CVE-2024-37905

authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including...

Palo Alto Expedition 1.2.91 Remote Code Execution

class MetasploitModule 'Palo Alto Expedition Remote Code Execution CVE-2024-5910 and CVE-2024-9464', 'Description' = %q Obtain remote code execution in Palo Alto Expedition version 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the...

CVE-2024-51714

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in techdabang User Password Reset user-password-reset allows Reflected XSS.This issue affects User Password Reset: from n/a through = 1.0...

CVE-2024-51714 WordPress User Password Reset plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in techdabang User Password Reset user-password-reset allows Reflected XSS.This issue affects User Password Reset: from n/a through = 1.0...

CVE-2024-51714 WordPress User Password Reset plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in techdabang User Password Reset user-password-reset allows Reflected XSS.This issue affects User Password Reset: from n/a through = 1.0...

PT-2024-34861 · Unknown · User Password Reset

Name of the Vulnerable Software and Affected Versions: Syed Umair Hussain Shah User Password Reset versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS in th...

WordPress plugin User Password Reset 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

WordPress User Password Reset plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin User Password Reset versions = 1.0...

WordPress User Password Reset Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software User Password Reset Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51714 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 916db7652ed6 Credits SOPROBRO Required privilege...