45 matches found
CVE-2023-43902
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token...
CVE-2025-50433
An issue was discovered in imonnit.com 2025-04-24 allowing malicious actors to gain escalated privileges via a crafted password reset to take over arbitrary user accounts...
EUVD-2019-8361
Malware in sbrugna...
EUVD-2017-1438
Malware in sbrugna...
EUVD-2020-19704
Malware in sbrugna...
EUVD-2004-1763
Malware in sbrugna...
EUVD-2024-16662
Malicious code in bioql PyPI...
EUVD-2024-2932
Malicious code in bioql PyPI...
EUVD-2024-0740
Malicious code in bioql PyPI...
EUVD-2022-33574
Malicious code in bioql PyPI...
EUVD-2022-6693
Malicious code in bioql PyPI...
EUVD-2023-51259
Malicious code in bioql PyPI...
EUVD-2023-40913
Malicious code in bioql PyPI...
CVE-2024-12827 DWT - Directory & Listing WordPress Theme <= 3.3.6 - Unauthenticated Arbitrary User Password Reset
The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the...
CVE-2025-5486
CVE-2025-5486 affects the WordPress plugin WP Email Debug (versions 1.0–1.1.0). The vulnerability is a missing capability check in WPMDBUG_handle_settings(), enabling privilege escalation by unauthenticated actors: they can enable debugging, cause emails to be sent to an attacker-controlled addre...
PT-2025-23374 · WordPress · Psw Front-End Login & Registration
Name of the Vulnerable Software and Affected Versions: PSW Front-end Login & Registration plugin for WordPress versions up to, and including, 1.12. Description: The issue is related to Privilege Escalation due to a weak, low-entropy OTP mechanism used in the forget function. This allows...
CVE-2024-28270
An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via a crafted POST request to /prod-api/user/resetPassword...
CVE-2024-36407
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset by an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is...
CVE-2024-11717
Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means that during the token expiration time an on-path attacker might reuse such a token to...
CVE-2024-45980
A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts...