Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2831 matches found

Nuclei
Nucleiadded 11 hours ago7 views

PSW Front-end Login & Registration 1.13 - Weak Password Recovery

PSW Front-end Login & Registration plugin for WordPress contains a weak password recovery mechanism that can be exploited by unauthenticated attackers. This vulnerability affects versions through 1.13 and allows attackers to potentially gain unauthorized access. id: CVE-2025-47646 info: name: PSW...

9.8CVSS7.3AI score0.07211EPSS
Exploits3References5
Vulnrichment
Vulnrichmentadded 2 days ago1 views

CVE-2026-25861 QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...

8.2CVSS5.8AI score0.0002EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2 days ago9 views

CVE-2026-10169

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

6.3CVSS5.1AI score0.00028EPSS
Exploits0References1
NVD
NVDadded 4 days ago7 views

CVE-2026-10169

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

6.3CVSS0.00028EPSS
Exploits0References4
Cvelist
Cvelistadded 4 days ago30 views

CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

6.3CVSS0.00028EPSS
Exploits0References4
EUVD
EUVDadded 4 days ago9 views

EUVD-2026-33489

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

6.3CVSS5.1AI score0.00028EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 4 days ago8 views

PT-2026-45172

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax forgot password of the file application/controllers/Login.php of the component Forgot Password Endpoint. Th...

6.3CVSS5.1AI score0.00028EPSS
Exploits0References5
Cvelist
Cvelistadded 6 days ago24 views

CVE-2026-44611 MacGregor Voyage Data Recorder (VDR) G4e Use of Password Hash With Insufficient Computational Effort

Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks...

5.9CVSS0.00011EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/05/28 2:15 p.m.8 views

CVE-2026-9466

A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery. The attack can be executed remotel...

6.9CVSS5.7AI score0.00037EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/28 12:0 a.m.3 views

PT-2026-44226

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS5.8AI score0.0002EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/27 1:48 p.m.32 views

CVE-2024-40684 IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easi...

5.9CVSS0.00037EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/27 1:48 p.m.4 views

CVE-2024-40684 IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easi...

5.9CVSS5.8AI score0.00037EPSS
Exploits0References1
NVD
NVDadded 2026/05/27 2:16 a.m.5 views

CVE-2026-9609

A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem...

5.8CVSS0.00046EPSS
Exploits0References5
CVE
CVEadded 2026/05/27 12:30 a.m.8 views

CVE-2026-9609

CVE-2026-9609 affects QianFox FoxCMS up to version 1.2.6, targeting the Admin.php Edit function. The vulnerability enables weak password recovery through manipulation of the admin password flow, with remote initiation. Public exploit code exists, and the issue was reported via an issue but not ye...

5.8CVSS5.5AI score0.00046EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/27 12:30 a.m.6 views

CVE-2026-9609

A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem...

5.8CVSS5.5AI score0.00046EPSS
Exploits0References5Affected Software1
EUVD
EUVDadded 2026/05/27 12:30 a.m.8 views

EUVD-2026-32029

A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem...

5.8CVSS5.5AI score0.00046EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/27 12:30 a.m.25 views

CVE-2026-9609 QianFox FoxCMS Admin.php edit password recovery

A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem...

5.8CVSS0.00046EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.7 views

PT-2026-43471

A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem...

5.8CVSS5.5AI score0.00046EPSS
Exploits0References6
CVE
CVEadded 2026/05/27 12:0 a.m.7 views

CVE-2026-36538

Netis AC1200 Router NC21 (firmware v4.0.1.4296) is affected by a hard-coded root credential stored in /etc/shadow.sample, with the root password set to root. This enables an attacker with device access to authenticate as root and take full control of the OS. The connected Red Hat/NVD entries corr...

7.3CVSS5.8AI score0.00047EPSS
Exploits0References2
CVE
CVEadded 2026/05/25 2:30 p.m.12 views

CVE-2026-9466

Tiandy Easy7 Integrated Management Platform 7.17.0 contains an API Endpoint vulnerability in /rest/user/updateUserPassword, where input manipulation can lead to weak password recovery. The issue is exploitable remotely and has publicly disclosed exploit activity. No remediation details are provid...

6.9CVSS5.7AI score0.00037EPSS
Exploits0References4
Rows per page
Query Builder