CVE-2026-3180

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLostPasswordEmail’ and the ’cglmail’ parameter in all versions up to, and including, 28.1.4 due to insufficient escaping on the user supplied parameter...

CVE-2026-3180

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLostPasswordEmail’ and the ’cglmail’ parameter in all versions up to, and including, 28.1.4 due to insufficient escaping on the user supplied parameter...

EUVD-2026-9223

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLostPasswordEmail’ and the ’cglmail’ parameter in all versions up to, and including, 28.1.4 due to insufficient escaping on the user supplied parameter...

PT-2026-22660

Name of the Vulnerable Software and Affected Versions The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress versions through 28.1.4 Description The software is susceptible to a blind SQL Injection issue due to inadequate escaping of user-supplied...

CVE-2026-26744

A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are...

CVE-2026-26744

A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are...

CVE-2026-26744

A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are...

CVE-2023-53943

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identif...

CVE-2023-53943

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identif...

CVE-2023-53943 GLPI 9.5.7 Username Enumeration Vulnerability via Lost Password Endpoint

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identif...

EUVD-2025-34758

Cross site scripting XSS vulnerability in Ultimate PHP Board 2.2.7 via the uname parameter in lostpassword.php...

EUVD-2025-34756

SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php...

CVE-2025-61540

SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php...

CVE-2025-61539

Cross site scripting XSS vulnerability in Ultimate PHP Board 2.2.7 via the uname parameter in lostpassword.php...

EUVD-2008-0724

Malware in sbrugna...

EUVD-2009-2584

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-36095

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Malicious attacker is able to find out valid user logins by using the lost password feature. This issue affects: OTRS AG OTRS Community Edition version 6.0.1 an...

Linux Distros Unpatched Vulnerability : CVE-2020-1772

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Tokens, generated by users which alread...

CVE-2025-52899

Tuleap CVE-2025-52899 affects the forgot password functionality: Community Edition before 16.9.99.1750843170 and Enterprise Edition before 16.8-4 and 16.9-2 allow user enumeration. Root cause described as the forgot password form enabling enumeration (no other technical detail provided). Impact i...

CVE-2025-52899 Tuleap vulnerable to user enumeration via the lost password form

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed ...