217 matches found
EUVD-2025-28110
Malicious code in bioql PyPI...
EUVD-2022-5339
Malicious code in bioql PyPI...
EUVD-2022-42799
Malicious code in bioql PyPI...
CVE-2025-10127 Daikin Europe N.V Security Gateway Weak Password Recovery Mechanism for Forgotten Password
Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials...
CVE-2025-32486
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.This issue affects Material Dashboard: from n/a through = 1.4.6...
CVE-2025-32486
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.This issue affects Material Dashboard: from n/a through = 1.4.6...
CVE-2025-32486
CVE-2025-32486 exists in the WordPress plugin “Material Dashboard” (Hossein Material Dashboard) up to version 1.4.6. The connected documents identify an unauthenticated privilege-escalation vulnerability linked to a weak password-recovery mechanism, enabling elevation of privileges within affecte...
PT-2025-36756
Name of the Vulnerable Software and Affected Versions: Hossein Material Dashboard versions n/a through 1.4.6 Description: A weakness exists in the password recovery mechanism for forgotten passwords in Hossein Material Dashboard. This issue could allow unauthorized access to accounts...
Linux Distros Unpatched Vulnerability : CVE-2023-28632
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emai...
CVE-2021-36436
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint...
CVE-2025-29529
ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection vulnerability via the component Forgotpassword.aspx...
CVE-2024-12604
Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse.This issue affects Tap&Sign App: before V.1.025...
WordPress plugin Front End Users 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
SourceBans++ 安全漏洞
SourceBans++ is a global administration, banning and communication management system for the Source engine by the SourceBans++ Dev team. A security vulnerability exists in SourceBans++ versions prior to v.1.8.0. A remote attacker can exploit this vulnerability to obtain sensitive information via ...
Synology DiskStation Manager Weak Password Recovery Mechanism for Forgotten Password (CVE-2018-8916)
Unverified password change vulnerability in Change Password in Synology DiskStation Manager DSM before 6.2-23739 allows remote authenticated users to reset password without verification. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
CVE-2024-8878
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05...
CVE-2024-8880
A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main&inc=coreauth&route=forgot&op=forgot of the component Template Handler. The manipulation of the argument username/email/captcha leads to...
CVE-2024-42080
In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Fix potential invalid address access struct rdmarestrackentry's kernname was set to KBUILDMODNAME in ibcreatecq, while if the module exited but forgot del this rdmarestrackentry, it would cause a invalid address...
CVE-2024-39597
In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the merchant to approve the account beforehand. If the site is not configured as isolated site, this ca...
CVE-2024-39597 [CVE-2024-39597] Improper Authorization Checks on Early Login Composable Storefront B2B sites of SAP Commerce
In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the merchant to approve the account beforehand. If the site is not configured as isolated site, this ca...