CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

805 matches found

Flowise <= 3.0.5 - Account Takeover

Flowise versions 3.0.5 and earlier had a vulnerability in the forgot-password endpoint, which returned valid reset tokens without authentication—allowing attackers to reset passwords and take over accounts. id: CVE-2025-58434 info: name: Flowise = 3.0.5 - Account Takeover author:...

9.8CVSS6AI score0.32362EPSS

Exploits13References2

RedhatCVE•added 3 days ago•9 views

CVE-2026-10169

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

6.3CVSS5.1AI score0.00028EPSS

Exploits0References1

Patchstack•added 4 days ago•7 views

WordPress Kirki plugin 6.0.0-6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' vulnerability

Unauthenticated Privilege Escalation via 'handleforgotpassword' vulnerability discovered by CHOIGYEONGMIN in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions 6.0.0-6.0.6...

9.8CVSS5.8AI score0.00119EPSS

Exploits2References1Affected Software1

NVD•added 5 days ago•8 views

CVE-2026-10169

6.3CVSS0.00028EPSS

Exploits0References4

ATTACKERKB•added 5 days ago•8 views

CVE-2026-10169

6.3CVSS5.1AI score0.00028EPSS

Exploits0References4

CVE•added 5 days ago•10 views

CVE-2026-10169

The CVE describes a weakness in the Forgot Password Endpoint of OUSL-GROUP-BrinaryBrains School Student Management System. The vulnerability affects the function ajax_forgot_password in application/controllers/Login.php, where manipulation of the email parameter enables weak password recovery. It...

6.3CVSS5.1AI score0.00028EPSS

Exploits0References4

EUVD•added 5 days ago•10 views

EUVD-2026-33489

6.3CVSS5.1AI score0.00028EPSS

Exploits0References4

Cvelist•added 5 days ago•31 views

CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery

6.3CVSS0.00028EPSS

Exploits0References4

Vulnrichment•added 5 days ago•7 views

CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery

6.3CVSS5.1AI score0.00028EPSS

Exploits0References4

Positive Technologies•added 5 days ago•8 views

PT-2026-45172

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax forgot password of the file application/controllers/Login.php of the component Forgot Password Endpoint. Th...

6.3CVSS5.1AI score0.00028EPSS

Exploits0References5

CNNVD•added 5 days ago•5 views

School Student Management System 授权问题漏洞

School Student Management System is an open-source tool developed by Binary Brains for managing school student information. The School Student Management System has a vulnerability related to authorization. This vulnerability stems from the parameter email in the ajaxforgotpassword function of th...

6.3CVSS5.8AI score0.00028EPSS

Exploits0References4

CVE•added 2026/05/14 8:40 p.m.•10 views

CVE-2026-44679

CVE-2026-44679 affects Tuist. Before 1.180.10, the forgot-password flow allows an unauthenticated attacker to repeatedly trigger password-reset emails for a known account without server-side throttling, enabling potential email spamming and downstream resource consumption in self-hosted deploymen...

6.9CVSS5.8AI score0.00068EPSS

Exploits0References1

EUVD•added 2026/05/14 8:40 p.m.•3 views

EUVD-2026-30485

Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes ...

6.9CVSS5.8AI score0.00068EPSS

Exploits0References1

Cvelist•added 2026/05/14 8:40 p.m.•27 views

CVE-2026-44679 Tuist: Forgot password flow lacks throttling for reset email delivery

6.9CVSS0.00068EPSS

Exploits0References1

Vulnrichment•added 2026/05/14 8:40 p.m.•6 views

CVE-2026-44679 Tuist: Forgot password flow lacks throttling for reset email delivery

6.9CVSS5.8AI score0.00068EPSS

Exploits0References1

Positive Technologies•added 2026/05/14 12:0 a.m.•6 views

PT-2026-41122

6.9CVSS5.8AI score0.00068EPSS

Exploits0References2

NVD•added 2026/05/12 10:16 p.m.•8 views

CVE-2026-44306

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-u...

5.3CVSS0.00037EPSS

Exploits0References1

Cvelist•added 2026/05/12 9:30 p.m.•29 views

CVE-2026-44306 Statamic: Email enumeration via forgot password endpoint

5.3CVSS0.00037EPSS

Exploits0References1

ATTACKERKB•added 2026/05/12 9:30 p.m.•6 views

CVE-2026-44306

5.3CVSS5.8AI score0.00037EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/12 9:30 p.m.•12 views

CVE-2026-44306

Statamic CMS is affected by an information exposure vulnerability in the forgot-password endpoint. Prior to versions 5.73.21 and 6.15.0, responses could reveal whether an email address is registered, enabling an unauthenticated attacker to enumerate valid users. This is fixed in 5.73.21 and 6.15....

5.3CVSS5.8AI score0.00037EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by