29 matches found
CVE-2026-48902
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...
CVE-2025-13366
The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the plugin's reset functionality. This makes it possible for unauthenticated attackers to reset the plugin's settings...
EUVD-2020-27293
Malware in sbrugna...
EUVD-2014-2253
Malware in sbrugna...
EUVD-2020-0405
Malware in sbrugna...
EUVD-2021-2111
Malware in sbrugna...
EUVD-2024-22023
Malicious code in bioql PyPI...
EUVD-2024-49424
Malicious code in bioql PyPI...
EUVD-2025-4366
Malicious code in bioql PyPI...
Mautic allows user name enumeration due to response time difference on password reset form
Summary: This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the...
CVE-2024-5174
A flaw in Gliffy results in broken authentication through the reset functionality of the application...
CVE-2024-5174
CVE-2024-5174 affects Perforce Gliffy and describes a flaw in the reset functionality that results in broken authentication. The available connected data identifies Gliffy as the affected software and the underlying issue as an authentication problem during reset, but does not provide concrete de...
CVE-2024-5174 Broken Authentication in Gliffy
A flaw in Gliffy results in broken authentication through the reset functionality of the application...
PT-2025-7712 · Gliffy · Gliffy
Name of the Vulnerable Software and Affected Versions: Gliffy (affected versions not specified). Description: A flaw in the application results in broken authentication through the reset functionality. Recommendations: At the moment, there is no information about a newer version that contains a fix...
CVE-2025-25198
mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionality allows an attacker to manipulate the Host HTTP header to generate a password reset link pointing to an attacker-controlled domain. This...
CVE-2020-6140
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The passwordstfemail parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2024-11398
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in OTP reset functionality in Synology Router Manager SRM before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors...
LinkedIn: Can see phone numbers of others by providing mail address
The vulnerability allowed an attacker to view a user's phone number by abusing the password reset functionality. The phone number was exposed in the input field after verifying the user's email address...