Lucene search
K

4 matches found

EUVD
EUVD
added 6 hours ago7 views

EUVD-2026-42163

The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventerverificationcode user meta field when a user requests a password reset. The plaintext key...

9.8CVSS6AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 6:30 p.m.14 views

CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS5.9AI score0.00419EPSS
Exploits3References2
EUVD
EUVD
added 2026/04/23 7:33 p.m.12 views

EUVD-2026-25291

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introduces the risk of a man-in-the-middle...

7.5CVSS5.8AI score0.00192EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/16 3:30 p.m.5 views

EUVD-2025-34769

FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset magic links using the untrusted req.headers.host header and forces the http:// scheme. An attacker who can control the Host header or exploit a misconfigured proxy/load-balancer that forwards the header unchanged can cause reset lin...

8.2CVSS6.4AI score0.00394EPSS
Exploits0References4
Rows per page
Query Builder