Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the forgot password process. An attacker can determine whether an email address is registered by submitting requests and analyzing the responses. Remediation Upgrade statamic/cms to version 5.73.21, 6.15.0 or...

CVE-2019-25641

Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgottenpassword module to...

CVE-2019-25641

The vulnerability is in Netartmedia Vlog System. An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL via the email parameter in the forgotten_password module (POST to index.php). This can expose sensitive data (as per description) and is categorized w...

CVE-2019-25641 Netartmedia Vlog System Lastest SQL Injection via email Parameter

Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgottenpassword module to...

CVE-2019-25641

Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgottenpassword module to...

CVE-2025-4320

Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor...

CVE-2025-4320 Information Disclosure in Birebirsoft's Sufirmam

Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor...

PT-2026-4352

Name of the Vulnerable Software and Affected Versions Birebirsoft Software and Technology Solutions Sufirmam versions through 23012026 Description The software exhibits issues related to excessive authentication attempts and a weak password recovery mechanism. This allows for potential brute forc...

PT-2026-4353

Name of the Vulnerable Software and Affected Versions Sufirmam versions through 23012026 Description A weakness in the password recovery mechanism allows for authentication bypass and password recovery exploitation in Sufirmam. The vendor was contacted regarding this issue but did not respond...

CVE-2025-53704 MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten Password

The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account...

CVE-2025-53704 MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten Password

The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account...

CVE-2025-8855

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry...

EUVD-2025-197605

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry...

CVE-2025-8855 2FA Expiry Bypass in Optimus Software's Brokerage Automation

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry...

CVE-2025-8855 2FA Expiry Bypass in Optimus Software's Brokerage Automation

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry...

CVE-2025-61977

CVE-2025-61977 concerns AutomationDirect Productivity Suite, version 4.4.1.19. The connected sources describe a vulnerability in the weak password recovery mechanism for forgotten passwords, which allows an attacker to decrypt an encrypted project by answering a single recovery question. The CVSS...

CVE-2025-11443

CVE-2025-11443 affects JhumanJ OpnForm up to v1.9.3. The issue lies in the Forgotten Password Handler’s /api/password/email function, enabling information exposure via discrepancy. The attack can be initiated remotely with high complexity; exploit is publicly available. The vulnerability is linke...

EUVD-2006-1085

Malware in sbrugna...

EUVD-2014-1718

Malware in sbrugna...

EUVD-2024-38117

Malicious code in bioql PyPI...