62 matches found
EUVD-2025-209884
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...
CVE-2025-67437
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...
EUVD-2015-8155
Malware in sbrugna...
EUVD-2015-4708
Malware in sbrugna...
EUVD-2023-24078
Malicious code in bioql PyPI...
EUVD-2024-49424
Malicious code in bioql PyPI...
CVE-2024-8794
The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the resetuserpassword function not verifying a user's identity prior to setting a password. This makes it possible for unauthenticated attackers to...
CVE-2023-1888
The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset th...
CVE-2024-13375 Adifier System <= 3.1.7 - Unauthenticated Arbitrary Password Reset
The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the adifierrecover function. Th...
CVE-2024-11103 Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover
The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated...
CVE-2024-45979
A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts...
CVE-2024-8794
CVE-2024-8794 affects the BA Book Everything WordPress plugin (versions
CVE-2024-8794 BA Book Everything <= 1.6.20 - Unauthenticated Arbitrary User Password Reset
The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the resetuserpassword function not verifying a user's identity prior to setting a password. This makes it possible for unauthenticated attackers to...
CVE-2021-24655 WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password to an arbitrary value of any user knowing only their ID, and gain access to their account...
GHSA-252R-F55F-FF34 MantisBT allows arbitrary password reset
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirmhash value to verify.php...
IDaaS Platform of Beijing Jiuzhou Yunteng Technology Co., Ltd. has Logic Flaw Vulnerability
IDaaS platform is a cloud identity service platform provided by Jiuzhou Yunteng. Based on the traditional 4A's of account, authentication, authorization, and auditing plus our unique application store, it forms a 5A platform, which can provide a unified portal for enterprise users, and based on...
Niushop B2B2C Multi-merchant Mall System Has Arbitrary Password Reset Vulnerability
NiuShop B2B2C Multi-Merchant Mall System is a PHP open source e-commerce system designed and developed completely independently by Shanxi NiuKu Information Technology Co. Version V1.11 of the Niushop B2B2C Multi-merchant Mall System has an arbitrary password reset vulnerability; an attacker can use the...