48 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in chromium

Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data through a malicious website...

CVSS 6.5 | AI score 7 | EPSS 0.00262
Exploits 1 | References 2
EUVD
added 2026/04/16 12:54 a.m. | 1 view

EUVD-2026-23137

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

CVSS 6 | AI score 5.8 | EPSS 0.00004
Exploits 0 | References 2
Vulnrichment
added 2026/04/16 12:0 a.m. | 2 views

CVE-2026-30459

An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message...

AI score 5.8 | EPSS 0.00025
Exploits 1 | References 4
OSV
added 2026/03/04 9:15 a.m. | 0 views

CVE-2026-27441

SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 1
Positive Technologies
added 2026/02/26 12:0 a.m. | 3 views

PT-2026-22209

Name of the Vulnerable Software and Affected Versions: EverShop versions prior to 2.1.1. Description: EverShop, a TypeScript-first eCommerce platform, has an issue in the "Forgot Password" functionality. When a target email address is provided, the API response includes the password reset token. Thi...

CVSS 9.8 | AI score 5.9 | EPSS 0.00023
Exploits 0 | References 11
RedhatCVE
added 2026/01/07 9:28 a.m. | 10 views

CVE-2019-12279

Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass aka the reset password form. NOTE: The vendor disputes this issue as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that...

CVSS 9.8 | AI score 7.9 | EPSS 0.16166
Exploits 5 | References 1
CVE
added 2025/12/30 12:0 a.m. | 12 views

CVE-2025-65409

GNU Recutils v1.9 contains a divide-by-zero in its encryption/decryption routines that can be triggered by supplying an empty password, resulting in denial of service. Publicly listed advisories indicate the affected component is gnu-recutils (version 1.9); OpenSUSE reports a GA fix in gnu-recuti...

CVSS 7.5 | AI score 6.4 | EPSS 0.0009
Exploits 2 | References 4 | Affected Software 1
HackRead
added 2025/12/29 7:10 p.m. | 2 views

Ubisoft Shuts Down Rainbow Six Siege After MongoDB Exploit Hits Players

Over 87,000 MongoDB instances are at risk from a critical memory leak called MongoBleed. Following the chaos at Ubisoft, see how this zero-password flaw works and how to protect your data...

AI score 7
Exploits 0
Cvelist
added 2025/12/02 1:1 p.m. | 4 views

CVE-2025-11786 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf' without any sanitisation or validation, and then executed using 'system'. This allows a...

CVSS 8.5 | EPSS 0.00057
Exploits 0 | References 1
Cvelist
added 2025/10/11 12:2 p.m. | 10 views

CVE-2025-11599 Campcodes Online Apartment Visitor Management System forgot-password.php sql injection

A weakness has been identified in Campcodes Online Apartment Visitor Management System 1.0. This impacts an unknown function of the file /forgot-password.php. This manipulation of the argument email causes sql injection. It is possible to initiate the attack remotely. The exploit has been made...

CVSS 7.5 | EPSS 0.00042
Exploits 1 | References 5
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2017-16634

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00286
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-3021

Malware in sbrugna...

CVSS 4.6 | AI score 5 | EPSS 0.00017
Exploits 1 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-0732

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00281
Exploits 1 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-19788

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.01151
Exploits 0 | References 3
ICS
added 2025/08/12 12:0 a.m. | 2 views

Siemens SINUMERIK

SUMMARY: Siemens SINUMERIK Controllers are affected by an improper VNC password check vulnerability. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS: As a general security measure, Siemens strongly recommends...

CVSS 8.7 | AI score 7.8 | EPSS 0.00029
Exploits 0 | References 10
OSV
added 2025/05/26 10:15 a.m. | 6 views

CVE-2025-4057

A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies...

CVSS 5.5 | AI score 7.1 | EPSS 0.00088
Exploits 0 | References 7
RedhatCVE
added 2025/05/22 8:33 p.m. | 1 view

CVE-2021-24998

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic...

CVSS 7.5 | AI score 7 | EPSS 0.00207
Exploits 0 | References 1
RedhatCVE
added 2025/05/21 6:22 p.m. | 2 views

CVE-1999-0156

wu-ftpd FTP daemon allows any user and password combination...

CVSS 4.6 | AI score 7.2 | EPSS 0.00082
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 6:18 a.m. | 2 views

CVE-2024-5357

A vulnerability has been found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely...

CVSS 9.8 | AI score 7.8 | EPSS 0.00095
Exploits 0 | References 1
CNNVD
added 2024/09/12 12:0 a.m. | 1 view

ORDAT FOSS-Online security vulnerability

ORDAT FOSS-Online is an enterprise resource management solution from ORDAT. A security vulnerability exists in ORDAT FOSS-Online versions prior to 2.24.01, which stems from the Forgot Password feature containing a SQL injection vulnerability...

CVSS 9.3 | AI score 7.7 | EPSS 0.00076
Exploits 1 | References 4