14 matches found

EUVD
added 2026/03/22 3:31 p.m., 5 views

EUVD-2019-19952

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...

CVSS 8.7, AI score 5.8, EPSS 0.00273
Exploits 0, References 4

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-4512

Malicious code in bioql PyPI...

CVSS 9.8, AI score 8.8, EPSS 0.00817
Exploits 0, References 4

RedhatCVE
added 2025/05/23 7:32 a.m., 6 views

CVE-2024-40490

An issue in Sourcebans++ before v.1.8.0 allows a remote attacker to obtain sensitive information via a crafted XAJAX call to the Forgot Password function...

CVSS 7.5, AI score 6.4, EPSS 0.00463
Exploits 0, References 1

RedhatCVE
added 2025/05/22 8:6 p.m., 3 views

CVE-2021-37517

An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0, in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of Service...

CVSS 7.5, AI score 6.7, EPSS 0.00947
Exploits 0, References 1

Cvelist
added 2025/05/19 6:0 a.m., 14 views

CVE-2025-4914 PHPGurukul Auto Taxi Stand Management System forgot-password.php SQL injection

A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to SQL injection. It is possible to initiate the attack remotely. Th...

CVSS 7.5, EPSS 0.00478
Exploits 1, References 5

RedhatCVE
added 2025/02/22 12:26 a.m., 3 views

CVE-2024-57401

SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function...

CVSS 9.8, AI score 8.7, EPSS 0.00817
Exploits 0, References 1

NVD
added 2025/02/20 3:15 p.m., 4 views

CVE-2024-57401

SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function...

CVSS 9.8, EPSS 0.00817
Exploits 0, References 2

Vulnrichment
added 2025/02/20 12:0 a.m., 4 views

CVE-2024-57401

SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function...

AI score 9.8, EPSS 0.00817
Exploits 0, References 2

Cvelist
added 2025/02/20 12:0 a.m., 9 views

CVE-2024-57401

SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function...

EPSS 0.00817
Exploits 0, References 2

Prion
added 2024/02/29 1:44 a.m., 17 views

Design/Logic Flaw

A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request...

AI score 7.7, EPSS 0.0104
Exploits 1, References 3

NVD
added 2024/02/27 1:15 a.m., 12 views

CVE-2024-24720

An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system...

CVSS 5.3, AI score 6.4, EPSS 0.0047
Exploits 0, References 3

Cvelist
added 2024/02/27 12:0 a.m., 17 views

CVE-2024-26470

A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request...

AI score 7, EPSS 0.0104
Exploits 1, References 3

BDU FSTEC
added 2023/10/30 12:0 a.m., 4 views

The vulnerability of the lwp_forgot_password function in the “Login with Phone Number” plugin of the WordPress content management system allows a hacker to execute arbitrary code.

The vulnerability of the lwp_forgot_password function in the “Login with Phone Number” plugin of the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remote...

CVSS 10, AI score 8.1, EPSS 0.57397
Exploits 2, References 3, Affected Software 1

CNVD
added 2017/11/03 12:0 a.m., 2 views

Arbitrary Account Password Reset Vulnerability in Goodbody Knowledge Android APP of Tongfang Co.

Good Body Knowledge Android App is software that detects health data in your body. An arbitrary account password reset vulnerability exists in the Good Body Knowledge Android APP of Tongfang Co. An attacker can reset any account password by grabbing a packet to obtain a verification code throu...

AI score 7.3
Exploits 0