Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Github Security Blog
Github Security Blogadded 2023/04/11 12:30 p.m.20 views

Answer vulnerable to account takeover because password reset links do not expire

answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.6 is vulnerable to account takeover because the password reset link does not expire...

8.8CVSS8.5AI score0.00327EPSS
Exploits1References4Affected Software1
Huntr
Huntradded 2023/03/21 7:55 a.m.21 views

Password reset link not expired

Hi team, I hope you are well today. This is the step: Reset your password with this link https://meta.answer.dev/users/account-recovery I have recognized that links can use many times. Beside https://meta.answer.dev/users/account-activation?code=... active account have the same vulnerability. Ok...

6.8CVSS8.6AI score0.00327EPSS
Exploits1
CNNVD
CNNVDadded 2022/09/13 12:0 a.m.3 views

TYPO3 授权问题漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland. TYPO3 suffers from an authorization issue vulnerability that stems from never evaluating the expiration time of the password reset link for TYPO3 back-end users...

5.4CVSS5.7AI score0.00198EPSS
Exploits0References5
NVD
NVDadded 2021/09/29 6:15 p.m.11 views

CVE-2021-41573

Hitachi Content Platform Anywhere HCP-AW 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and...

7.5CVSS0.00204EPSS
Exploits0References2
Malwarebytes
Malwarebytesadded 2019/03/14 5:37 p.m.74 views

Mozilla launches Firefox Send for private file sharing

Mozilla look to reclaim some ground from the all-powerful Chrome with a new way to send and receive files securely from inside the browser. Firefox Send first emerged in 2017, promising an easy way to send documents without fuss. The training wheels have now come off and Send is ready to go...

7.4AI score
Exploits0
Hacker One
Hacker Oneadded 2016/08/30 4:59 p.m.8 views

Phabricator: link reset problem

Hello, i found out about an issue in your password reset links and their expiration Steps to reproduce: Request a password reset link to an account Login to the account afterwards Logout and use the link to reset the password The link would not be expired Now i know that the links need to expire...

0.1AI score
Exploits0
Hacker One
Hacker Oneadded 2015/10/04 8:36 a.m.16 views

Uber: Issue with Password reset functionality

Dear Team, There are password change issues with uber. there are two issues: 1User is not receiving notification when he reset password via password reset link. 2Password reset link is not expiring after used once. Good thing: when user change his info like profile update, password change. User g...

7.2AI score
Exploits0
Rows per page
Query Builder