CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 4 days ago•6 views

EUVD-2026-38118

6.9CVSS5.9AI score

CVE•added 4 days ago•15 views

CVE-2026-56267

Flowise prior to version 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint. The endpoint returns full user objects including PII to unauthenticated attackers, enabling enumeration of valid email addresses and harvesting of sensitive data su...

6.9CVSS5.9AI score

Cvelist•added 4 days ago•25 views

CVE-2026-56267 Flowise - PII Disclosure via Unauthenticated Forgot Password Endpoint

6.9CVSS

Positive Technologies•added 2026/06/17 12:0 a.m.•6 views

PT-2026-50474

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description A stolen refresh token persists after a password-forgot flow, allowing it to be used to generate new JSON Web Tokens JWTs even after a user resets their password. While the passwordChange and...

6.3CVSS5.8AI score0.0002EPSS

RedhatCVE•added 2026/06/05 7:49 p.m.•6 views

CVE-2026-30459

An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message...

7.1CVSS5.5AI score0.00312EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:44 p.m.•6 views

CVE-2026-39111

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the email parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries and retrieve sensitive user data...

7.5CVSS5.7AI score0.00294EPSS

RedhatCVE•added 2026/06/05 7:44 p.m.•5 views

CVE-2026-39110

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve...

8.2CVSS5.7AI score0.00295EPSS

RedhatCVE•added 2026/06/05 7:25 p.m.•8 views

CVE-2026-44306

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-u...

5.3CVSS5.5AI score0.00206EPSS

RedhatCVE•added 2026/06/05 7:24 p.m.•9 views

CVE-2026-44679

Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes ...

6.9CVSS5.4AI score0.00288EPSS

RedhatCVE•added 2026/06/05 7:19 p.m.•10 views

CVE-2026-5779

An insecure direct object reference IDOR vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an...

9.4CVSS5.5AI score0.00252EPSS

RedhatCVE•added 2026/06/02 4:3 a.m.•12 views

CVE-2026-10169

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

Patchstack•added 2026/06/01 5:17 p.m.•11 views

WordPress Kirki plugin 6.0.0-6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' vulnerability

Unauthenticated Privilege Escalation via 'handleforgotpassword' vulnerability discovered by CHOIGYEONGMIN in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions 6.0.0-6.0.6...

9.8CVSS5.8AI score0.00623EPSS

Exploits4References1Affected Software1

NVD•added 2026/05/31 5:16 a.m.•10 views

CVE-2026-10169

6.3CVSS0.0028EPSS

EUVD•added 2026/05/31 4:45 a.m.•13 views

EUVD-2026-33489

Cvelist•added 2026/05/31 4:45 a.m.•35 views

CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery

6.3CVSS0.0028EPSS

Vulnrichment•added 2026/05/31 4:45 a.m.•10 views

CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery

ATTACKERKB•added 2026/05/31 4:45 a.m.•10 views

CVE-2026-10169

CVE•added 2026/05/31 4:45 a.m.•15 views

CVE-2026-10169

The CVE describes a weakness in the Forgot Password Endpoint of OUSL-GROUP-BrinaryBrains School Student Management System. The vulnerability affects the function ajax_forgot_password in application/controllers/Login.php, where manipulation of the email parameter enables weak password recovery. It...