CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

RedhatCVE•added 2025/05/23 7:26 a.m.•6 views

CVE-2024-42914

A host header injection vulnerability exists in the forgot password functionality of ArrowCMS version 1.0.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server a...

9.1CVSS7.3AI score0.00202EPSS

Exploits1References1

OSV•added 2024/08/23 7:15 p.m.•2 views

CVE-2024-42914

9.1CVSS5.8AI score0.00202EPSS

Exploits1References2

NVD•added 2024/08/23 7:15 p.m.•10 views

CVE-2024-42914

9.1CVSS0.00202EPSS

Exploits1References2

Vulnrichment•added 2024/08/23 12:0 a.m.•7 views

CVE-2024-42914

7.2AI score0.00202EPSS

Exploits1References2

CVE•added 2024/08/23 12:0 a.m.•42 views

CVE-2024-42914

ArrowCMS 1.0.0 is affected by a host header injection in the forgot password feature. A crafted Host header can cause password reset links to be sent to an attacker-controlled server, leaking the reset token and potentially allowing the attacker to reset other users’ passwords. The connected sour...

9.1CVSS6.9AI score0.00202EPSS

Exploits1References2Affected Software1

Cvelist•added 2024/08/23 12:0 a.m.•12 views

CVE-2024-42914

0.00202EPSS

Exploits1References2

Positive Technologies•added 2024/08/23 12:0 a.m.•3 views

PT-2024-30203 · Arrowcms · Arrowcms

Name of the Vulnerable Software and Affected Versions: ArrowCMS version 1.0.0 Description: A host header injection vulnerability exists in the forgot password functionality. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to...

9.1CVSS6.6AI score0.00202EPSS

Exploits1References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by