CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2 days ago•4 views

CVE-2026-39110

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve...

8.2CVSS5.7AI score0.00279EPSS

RedhatCVE•added 2 days ago•5 views

CVE-2026-44306

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-u...

5.3CVSS5.5AI score0.00037EPSS

RedhatCVE•added 2 days ago•7 views

CVE-2026-44679

Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes ...

6.9CVSS5.4AI score0.00068EPSS

RedhatCVE•added 2 days ago•7 views

CVE-2026-5779

An insecure direct object reference IDOR vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an...

9.4CVSS5.5AI score0.0005EPSS

RedhatCVE•added 5 days ago•9 views

CVE-2026-10169

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

Patchstack•added 6 days ago•7 views

WordPress Kirki plugin 6.0.0-6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' vulnerability

Unauthenticated Privilege Escalation via 'handleforgotpassword' vulnerability discovered by CHOIGYEONGMIN in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions 6.0.0-6.0.6...

9.8CVSS5.8AI score0.00119EPSS

Exploits3References1Affected Software1

NVD•added 2026/05/31 5:16 a.m.•8 views

CVE-2026-10169

6.3CVSS0.00037EPSS

ATTACKERKB•added 2026/05/31 4:45 a.m.•9 views

CVE-2026-10169

CVE•added 2026/05/31 4:45 a.m.•10 views

CVE-2026-10169

The CVE describes a weakness in the Forgot Password Endpoint of OUSL-GROUP-BrinaryBrains School Student Management System. The vulnerability affects the function ajax_forgot_password in application/controllers/Login.php, where manipulation of the email parameter enables weak password recovery. It...

Cvelist•added 2026/05/31 4:45 a.m.•31 views

CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery

6.3CVSS0.00037EPSS

EUVD•added 2026/05/31 4:45 a.m.•10 views

EUVD-2026-33489

Vulnrichment•added 2026/05/31 4:45 a.m.•8 views

CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery

Positive Technologies•added 2026/05/31 12:0 a.m.•8 views

PT-2026-45172

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax forgot password of the file application/controllers/Login.php of the component Forgot Password Endpoint. Th...

CNNVD•added 2026/05/31 12:0 a.m.•5 views

Exploits0References5

School Student Management System 授权问题漏洞

School Student Management System is an open-source tool developed by Binary Brains for managing school student information. The School Student Management System has a vulnerability related to authorization. This vulnerability stems from the parameter email in the ajaxforgotpassword function of th...

6.3CVSS5.8AI score0.00037EPSS

CVE•added 2026/05/14 8:40 p.m.•12 views

CVE-2026-44679

CVE-2026-44679 affects Tuist. Before 1.180.10, the forgot-password flow allows an unauthenticated attacker to repeatedly trigger password-reset emails for a known account without server-side throttling, enabling potential email spamming and downstream resource consumption in self-hosted deploymen...

6.9CVSS5.8AI score0.00068EPSS

EUVD•added 2026/05/14 8:40 p.m.•3 views

EUVD-2026-30485

6.9CVSS5.8AI score0.00068EPSS

Cvelist•added 2026/05/14 8:40 p.m.•27 views

CVE-2026-44679 Tuist: Forgot password flow lacks throttling for reset email delivery

6.9CVSS0.00068EPSS