Lucene search
+L

5 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/17 10:56 p.m.3 views

CVE-2026-1670

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address...

9.8CVSS5.5AI score0.00833EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/17 12:0 a.m.5 views

CVE-2024-44659

PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php...

7.6AI score0.00399EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/21 8:13 p.m.10 views

CVE-2008-0563

Cross-site request forgery CSRF vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in...

4.3CVSS7AI score0.00438EPSS
Exploits0References1
OSV
OSV
added 2018/01/31 4:29 p.m.5 views

CVE-2017-8916

In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access...

7.8CVSS5.8AI score0.00271EPSS
Exploits0References1
PyPA
PyPA
added 2014/03/11 7:37 p.m.7 views

PYSEC-2014-62

mailpassword.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality...

4CVSS7AI score0.01116EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder