Lucene search
K

9500 matches found

NVD
NVD
added yesterday3 views

CVE-2026-57698

Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.12...

6.5CVSS0.00356EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57697

Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Password Recovery Exploitation.This issue affects ProfileGrid : from n/a through = 5.9.9.6...

7.5CVSS0.00477EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-57698 WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.12 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.12...

6.5CVSS0.00356EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-57697 WordPress ProfileGrid plugin <= 5.9.9.6 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Password Recovery Exploitation.This issue affects ProfileGrid : from n/a through = 5.9.9.6...

7.5CVSS0.00477EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-57698

CVE-2026-57698 affects the WordPress plugin Abandoned Cart Recovery for WooCommerce (woo-abandoned-cart-recovery), with versions up to and including 1.1.12. The issue is an Authentication Bypass/Authentication Abuse via an alternate path or channel, enabling unauthorized access as described in th...

6.5CVSS6.1AI score0.00356EPSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-57697

The CVE-2026-57697 entry concerns the WordPress ProfileGrid plugin (Metagauss) ≤ 5.9.9.6, where an Authentication Bypass via an Alternate Path or Channel allows Password Recovery Exploitation. The NVD entries describe a vulnerable component (ProfileGrid) with a base score of 7.5 (HIGH) per CVSS 3...

7.5CVSS6.1AI score0.00477EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday16 views

PSW Front-end Login & Registration 1.13 - Weak Password Recovery

PSW Front-end Login & Registration plugin for WordPress contains a weak password recovery mechanism that can be exploited by unauthenticated attackers. This vulnerability affects versions through 1.13 and allows attackers to potentially gain unauthorized access. id: CVE-2025-47646 info: name: PSW...

9.8CVSS7AI score0.21914EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday23 views

AnythingLLM - Username Enumeration via Password Recovery

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

5.3CVSS6.1AI score0.00713EPSS
Exploits1
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-43230

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS6.1AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-15479

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function changepasswd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be...

7.5CVSS0.00278EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43201

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function changepasswd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References5
CVE
CVE
added 2 days ago9 views

CVE-2026-15479

The vulnerability CVE-2026-15479 affects H3C NX15 V100R017. The vulnerable component is the Administrator Password Modification Endpoint, specifically the change_passwd function at /api/login/modify. Manipulating the newPass parameter results in weak password recovery. The issue can be exploited ...

7.5CVSS6.6AI score0.00278EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-57554

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Insufficient verification during the email change process allows an attacker with access to a valid session cookie or an authenticated browser to change the account email address. This occurs becaus...

8.4CVSS6.1AI score0.00244EPSS
Exploits0References8
NVD
NVD
added 4 days ago10 views

CVE-2026-57807

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...

9.8CVSS0.00429EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-43028

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-57807

The CVE-2026-57807 entry concerns miniOrange OAuth Single Sign On - SSO (OAuth Client) for WordPress, affected through version 38.5.8. The vulnerability is an Authentication Bypass via an alternate path or channel (broken authentication), enabling Password Recovery Exploitation. No exploitation d...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-57807 WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 38.5.8 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...

9.8CVSS0.00429EPSS
Exploits0References1
The Hacker News
The Hacker News
added 4 days ago11 views

Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched

Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card's password to anything the attacker picks. No old password. No backup card. Once it is reset, whoever did it controls the wallet and...

6.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-41879

R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000...

8.7CVSS6.1AI score0.01228EPSS
Exploits0References2
The Hacker News
The Hacker News
added 4 days ago9 views

Attackers Exploit 'Ill Bloom' Vulnerability to Drain Over $5 Million From Cryptocurrency Wallets

Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom , and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak randomness, an attacker can work it out a...

6.1AI score
Exploits0
Rows per page
Query Builder