EUVD-2026-28870

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...

PT-2026-39211

Name of the Vulnerable Software and Affected Versions SysReptor versions prior to 2026.29 Description Users with "User Admin" permissions can modify the email addresses of users with "Superuser" permissions. When the "Forgot Password" functionality is enabled, these users can reset Superuser...

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the forgot password process. An attacker can gain unauthorized access to user accounts by manipulating the Host header to injecting custom domains into the password reset link sent to users...

CVE-2020-7483

VERSION NOT SUPPORTED WHEN ASSIGNED A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional...

CVE-2024-34582

Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi useridchange XSS within the Forgot Password feature...

EUVD-2005-0933

Malware in sbrugna...

EUVD-2009-1076

Malware in sbrugna...

EUVD-2021-22727

Malware in sbrugna...

EUVD-2018-21526

Malware in sbrugna...

EUVD-2020-28608

Malware in sbrugna...

EUVD-2022-52275

Malicious code in bioql PyPI...

CVE-2025-54390

A Cross-Site Request Forgery CSRF vulnerability exists in the ResetPasswordRequest operation of Zimbra Collaboration ZCS when the zimbraFeatureResetPasswordStatus attribute is enabled. An attacker can exploit this by tricking an authenticated user into visiting a malicious webpage that silently...

CVE-2025-54390

A Cross-Site Request Forgery CSRF vulnerability exists in the ResetPasswordRequest operation of Zimbra Collaboration ZCS when the zimbraFeatureResetPasswordStatus attribute is enabled. An attacker can exploit this by tricking an authenticated user into visiting a malicious webpage that silently...

CVE-2022-30275

The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration...

CVE-2023-51332

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Meeting Room Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2023-51323

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Shared Asset Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2023-51326

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2023-51339

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Event Ticketing System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2023-51316

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1.1 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2022-23616

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset password feature since t...