71 matches found
CVE-2026-45364 Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it received in x-forwarded-for or the configured IP-bearing header. IPv6 clients controlling a typical /6...
CVE-2026-45364
The CVE-2026-45364 issue affects Better Auth (TypeScript) where the HTTP rate limiter keyed by the leftmost x-forwarded-for value could be bypassed for IPv6. Before fixes, IPv6 prefix rotation (e.g., /64) and multiple textual representations could produce 2^64 distinct keys, letting an attacker p...
CVE-2026-2161
A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made...
CVE-2026-2161 itsourcecode Directory Management System forget-password.php sql injection
A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made...
CVE-2026-2161
The CVE-2026-2161 entry concerns itsourcecode Directory Management System 1.0, specifically a SQL injection in /admin/forget-password.php triggered by manipulating the email parameter. The issue is exploitable remotely, and public exploits exist. Connected sources consistently describe the vulner...
EUVD-2026-5788
A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made...
EUVD-2025-206105
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...
CVE-2025-15398 Uasoft badaso Token BadasoAuthController.php forgetPassword password recovery
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...
Linux Distros Unpatched Vulnerability : CVE-2022-47373
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password...
CVE-2025-9155
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Impacted is an unknown function of the file /user/forgetpassword.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to...
itsourcecode Online Tour and Travel Management System Injection Vulnerability
itsourcecode Online Tour and Travel Management System is an open source online tour and travel management system from itsourcecode. An injection vulnerability exists in version 1.0 of itsourcecode Online Tour and Travel Management System, which originates from a SQL injection due to incorrect...
CVE-2023-0516
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file user/forgetpassword.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The...
CVE-2023-0515
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/forgetpassword.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. T...
Directory Management System /admin/forget-password.php File SQL Injection Vulnerability
Directory Management System is a directory management system. Directory Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /admin/forget-password.php. An attacker can exploi...
CVE-2025-4698
A vulnerability classified as critical has been found in PHPGurukul Directory Management System 2.0. This affects an unknown part of the file /admin/forget-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
PHPGurukul Directory Management System Injection Vulnerability
Directory Management System is a directory management system. Directory Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /admin/forget-password.php. An attacker can exploi...