Lucene search
K

16 matches found

Snyk
Snyk
added 2026/04/06 5:59 p.m.19 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect through the redirecturi parameter in multiple endpoints ForgotPassword, MagicLinkLogin, Signup, InviteMembers, OAuthLoginHandler, VerifyEmailHandler which is not validated against AllowedOrigins. An attacker can obtain...

8.6CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/04/02 6:42 p.m.7 views

GO-2026-4888 Fleet: Password reset tokens remain valid after password change for 24 hours in github.com/fleetdm/fleet

Fleet: Password reset tokens remain valid after password change for 24 hours in github.com/fleetdm/fleet. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.4 views

PT-2026-29935

Fleet: Password reset tokens remain valid after password change for 24 hours in github.com/fleetdm/fleet. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/12/02 12:36 a.m.7 views

Grav is vulnerable to Arbitrary File Read

Summary - A low privilege user account with page editing privilege can read any server files using "Frontmatter" form. - This includes Grav user account files - /grav/user/accounts/.yaml. This file stores hashed user password, 2FA secret, and the password reset token. - This can allow an adversar...

8.5CVSS6.9AI score0.00397EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2021-26275

Malware in sbrugna...

4.4CVSS4.6AI score0.00292EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2012-0015

Malware in sbrugna...

4.9CVSS6AI score0.02266EPSS
Exploits1References23
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-2598

Malicious code in bioql PyPI...

5.8CVSS5.7AI score0.00565EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 4:1 a.m.5 views

CVE-2023-36472

Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The /content-manager/relations route does not remove private fields or ensure that they can't be...

5.8CVSS6.6AI score0.00565EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:14 p.m.4 views

CVE-2021-39919

In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure...

4.4CVSS5.9AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:35 a.m.10 views

CVE-2012-5618

Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens...

9.8CVSS7AI score0.01181EPSS
Exploits0References1
Prion
Prion
added 2023/09/15 7:15 p.m.19 views

Design/Logic Flaw

Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The /content-manager/relations route does not remove private fields or ensure that they can't be...

3.5CVSS5.4AI score0.00565EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/09/15 6:54 p.m.20 views

CVE-2023-36472 Strapi may leak sensitive user information, user reset password, tokens via content-manager views

Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The /content-manager/relations route does not remove private fields or ensure that they can't be...

5.8CVSS5.6AI score0.00565EPSS
Exploits1References4
Prion
Prion
added 2022/10/07 11:15 a.m.14 views

Design/Logic Flaw

Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeover :: when see the info i can see the forgotpasswordtoken the hacker can send the request and changed the pass...

5CVSS7.5AI score0.0078EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/07 12:0 a.m.8 views

PT-2022-22085 · Git +1 · Tooljet +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows for account takeover. When an attacker gains access to certain information, they can see the hashed password, which can potentially be...

9.8CVSS8.5AI score0.0078EPSS
Exploits1References5
Prion
Prion
added 2020/02/04 2:15 p.m.13 views

Default credentials

Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens...

5CVSS7.2AI score0.01181EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/02/04 1:17 p.m.46 views

CVE-2012-5618

CVE-2012-5618 affects Ushahidi prior to 2.6.1, where forgot-password tokens use insufficient entropy. This vulnerability could allow token guessing and account compromise with network access. Upgrade to Ushahidi 2.6.1 or later as the implied fix; the connected documents do not provide further exp...

9.8CVSS9.4AI score0.01181EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder