Lucene search
+L

32 matches found

Cvelist
Cvelist
added 2026/07/09 7:55 a.m.35 views

CVE-2026-14245 miniOrange OTP Login, Verification and SMS Notifications <= 5.5.1 - Authentication Bypass to Administrator Account Takeover via 'username_b' Parameter

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the umresetpasswordprocesshook function performing no server-side...

9.8CVSS0.00586EPSS
Exploits0References10
CVE
CVE
added 2026/07/08 7:36 a.m.19 views

CVE-2026-57249

CVE-2026-57249 affects Foxit PDF Editor/Reader in the annotation handling path. After opening a PDF, the software resets the annotation status and triggers a reset form event; during the subsequent re-entry it accesses invalid objects, leading to a crash. CVSS 3.1 vector: AV:L/AC:L/PR:N/UI:R/S:U/...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.11 views

PT-2026-56348

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description An issue occurs when the application opens a PDF file and a script resets the annotation status, followed by an additional action that triggers the reset form event. During th...

7.8CVSS6AI score0.00116EPSS
Exploits0References5
NVD
NVD
added 2026/06/19 4:16 p.m.18 views

CVE-2026-12621

Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 password reset form allows XSS. This issue affects GridTime 3000: from 1.0r0.03 before 1.2r0.0...

5.4CVSS0.00136EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 3:53 p.m.9 views

EUVD-2026-38040

Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 password reset form allows XSS. This issue affects GridTime 3000: from 1.0r0.03 before 1.2r0.0...

5.3CVSS5.8AI score0.00136EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 3:53 p.m.22 views

CVE-2026-12621

GridTime 3000 GNSS Time Server Password Reset form is vulnerable to XSS due to improper neutralization of input during web page generation. Affected from 1.0r0.03 up to, but not including, 1.2r0.0. Base CVSS v4 score is 5.3 (Medium). No exploitation details are provided in the documents; no remed...

5.4CVSS5.8AI score0.00136EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-50947

Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.2r0.0 Description Improper neutralization of input during web page generation in the password reset form allows Cross-Site Scripting XSS, a condition where malicious scripts are injected into trusted...

5.3CVSS5.8AI score0.00136EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Python-Django

A issue was discovered in Django versions 5.1.1, 5.0.9, and 4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view that implements password reset processes, allows remote attackers to enumerate user email addresses by sending password reset requests and observing the...

5.3CVSS6.8AI score0.00781EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/27 8:37 p.m.28 views

CVE-2026-33883 Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the user:resetpasswordform tag could render user-input directly into HTML without escaping, allowing an attacker to craft a URL that executes arbitrary JavaScript in the victim's browser. Thi...

6.1CVSS0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-28550

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.16 Statamic versions prior to 6.7.2 Description The user:reset password form tag does not properly escape user-supplied input before rendering it as HTML, potentially allowing an attacker to inject and execute...

6.1CVSS6.1AI score0.00149EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2019-4374

Malware in sbrugna...

9CVSS8.8AI score0.06497EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-54842

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00301EPSS
Exploits2References2
NVD
NVD
added 2025/09/14 1:15 p.m.4 views

CVE-2025-10204

A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to chang...

7.1CVSS0.00451EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/14 12:43 p.m.14 views

CVE-2025-10204 Unauth Admin Reset Password on AC Smart II

A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to chang...

7.1CVSS0.00451EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/14 12:0 a.m.7 views

PT-2025-37410

Name of the Vulnerable Software and Affected Versions AC Smart II affected versions not specified Description A vulnerability exists in AC Smart II that allows unauthorized password changes. A hidden form for resetting the administrator password is present on a page, which can be manipulated usin...

7.1CVSS6.5AI score0.00451EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/07/31 12:0 a.m.5 views

Sielox AnyWare 安全漏洞

Sielox AnyWare is an access control system from Sielox USA. A security vulnerability exists in Sielox AnyWare version v2.1.2, which stems from an unvalidated email address field in the password reset form, which could lead to SQL injection...

6.5CVSS7.4AI score0.00301EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/22 7:30 a.m.14 views

CVE-2019-12791

A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form...

9CVSS7.4AI score0.06497EPSS
Exploits1References1
OSV
OSV
added 2025/04/14 12:15 p.m.3 views

CVE-2024-49707

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for resetting user's password with a malicious script, what causes the script to run in user's context. This...

6.1CVSS5.7AI score0.00226EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/14 12:6 p.m.10 views

CVE-2024-49707 XSS in iKSORIS

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for resetting user's password with a malicious script, what causes the script to run in user's context. This...

5.1CVSS5.9AI score0.0023EPSS
Exploits0References2
Snyk
Snyk
added 2025/01/09 9:31 p.m.5 views

Improper Control of Interaction Frequency

Overview goalgorilla/opensocial is a distribution for building social communities and intranets. Affected versions of this package are vulnerable to Improper Control of Interaction Frequency due to incorrect validation of flood control limits on the password reset form. Remediation Upgrade...

6.9CVSS7AI score0.00355EPSS
Exploits0References2
Rows per page
Query Builder