5 matches found
EUVD-2020-7480
Malware in sbrugna...
EUVD-2022-38376
Malicious code in bioql PyPI...
CVE-2024-42914
A host header injection vulnerability exists in the forgot password functionality of ArrowCMS version 1.0.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server a...
PT-2024-1045
Name of the Vulnerable Software and Affected Versions GitLab versions 16.1 through 16.7.1 Description The issue allows an attacker to specify a secondary email during a password reset request, enabling account takeover via password reset without user interaction. This vulnerability affects GitLab...
CVE-2008-4106
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the userlogin column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's...