2113 matches found
AnythingLLM - Username Enumeration via Password Recovery
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...
PSW Front-end Login & Registration 1.13 - Weak Password Recovery
PSW Front-end Login & Registration plugin for WordPress contains a weak password recovery mechanism that can be exploited by unauthenticated attackers. This vulnerability affects versions through 1.13 and allows attackers to potentially gain unauthorized access. id: CVE-2025-47646 info: name: PSW...
CVE-2026-13020
A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...
EUVD-2026-42057
A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...
CVE-2026-13020 Weak Password Recovery Mechanism in Portal for ArcGIS
A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...
CVE-2026-13020
A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...
CVE-2026-13020
The CVE-2026-13020 entry describes a vulnerability in Esri Portal for ArcGIS (versions 12.1 and earlier) where a weak password recovery mechanism can let a remote, unauthorized attacker take ownership of a user account by manipulating the recovery flow. Affected environments include Windows, Linu...
PYSEC-2026-2005 vantage6 vulnerable to a username timing attack on recover password/MFA token
Impact Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost, which send emails to users if they have lost their password or MFA token. Usernames can be...
CVE-2026-55069 Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack
Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...
CVE-2026-39031
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a...
CVE-2026-53928
NocoDB (CVE-2026-53928) had a flaw where a stolen refresh token could survive a password-forgot flow and be used to mint new JWTs after password reset. The root cause was that passwordForgot only rotated token_version and revoked OAuth tokens, but did not call UserRefreshToken.deleteAllUserToken(...
CVE-2026-53928 NocoDB: Refresh Tokens Persist Through Password Recovery
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForg...
Automated Logic WebCTRL Storing Passwords in a Recoverable Format (CVE-2025-14295)
CWE-257 Storing Passwords in a Recoverable Format vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. An attacker with elevated access can retrieve passwords stored in a recoverable format, potentially compromising credentials and neighboring...
postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...
CVE-2026-54817
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...
NPM: NocoDB: Refresh Tokens Persist Through Password Recovery
NPM: NocoDB: Refresh Tokens Persist Through Password Recovery vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...
NocoDB: Refresh Tokens Persist Through Password Recovery
Summary A stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. Details passwordChange and passwordReset deleted the user's refresh tokens, but passwordForgot only rotated tokenversion and revoked OAuth tokens — it did...
CVE-2026-54817 WordPress MStore API plugin <= 4.18.4 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...
EUVD-2026-37706
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...
CVE-2026-49062
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7...