5 matches found
NocoDB - User Enumeration
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. This issue has been patched in version 0.301.3. id: CVE-2026-28358 info: name: NocoDB -...
EUVD-2018-21618
BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to...
Information Exposure
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Information Exposure via the POST /api/v2/auth/password/forgot endpoint. An attacker can determine whether a specific email address is registered by submitting password reset requests and analyzing the differing...
PT-2024-39297 · Playsms · Playsms
Name of the Vulnerable Software and Affected Versions: playSMS versions 1.4.4 through 1.4.7. Description: A critical vulnerability has been found in playSMS, affecting an unknown function of the file /playsms/index.php?app=main&inc=core_auth&route=forgot&op=forgot of the component Template Handler...
PT-2021-18572 · Seo Panel · Seo Panel
Name of the Vulnerable Software and Affected Versions: Seo Panel version 4.8.0. Description: The issue allows reflected XSS via the "seo/seopanel/login.php?sec=forgot" email parameter. This can potentially lead to malicious script execution. No information is provided about the estimated number of...