17 matches found
CVE-2023-31300
An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718 which allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature...
EUVD-2011-4596
Malware in sbrugna...
EUVD-2024-2079
Malicious code in bioql PyPI...
EUVD-2024-32349
Malicious code in bioql PyPI...
EUVD-2022-4367
Malicious code in bioql PyPI...
CVE-2025-43933
fblog through 983bede allows account takeover via the password reset feature because SERVERNAME is not configured and thus a reset depends on the Host HTTP header...
CVE-2025-48738
An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage...
CVE-2025-48738
An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage...
CVE-2024-51037
An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information via the captcha feature in the password reset function...
CVE-2021-46122
TP-Link TL-WR840N EU v6.20 Firmware 0.9.1 4.17 v0001.0 Build 201124 Rel.64328n is vulnerable to Buffer Overflow via the Password reset feature...
CVE-2019-16669
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts...
Perforce Gliffy security vulnerability
Perforce Gliffy is a Perforce software for charting via HTML5 cloud-based applications. A security vulnerability exists in Perforce Gliffy that stems from an authentication flaw in the application reset feature that results in broken authentication...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a crash if the ASSERT function in the scrubreadendio function fails when using btrfs/060 and forcing the RST...
Incorrect Authorization
github.com/drakkan/sftpgo is vulnerable to Incorrect Authorization. The vulnerability is due to a lack of session invalidation when a user or admin changes their password, which allows an attacker to regain access to restricted accounts by resetting the account's password. Note that this...
PT-2024-22887 · Entrust · E-Trust Horacius
Name of the Vulnerable Software and Affected Versions: e-trust Horacius versions 1.0 through 1.2. Description: The issue allows a local attacker to escalate privileges via the password reset function. It is described as an Insecure Permissions vulnerability, enabling unauthenticated privilege...
CVE-2023-31300
An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718 which allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature...
CVE-2022-41933 Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the "reset a forgotten password" feature of XWiki was used, the password was then stored in plain text in the database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only...