Lucene search
+L

135 matches found

redhatcve
redhatcve
added 2025/05/23 11:35 a.m.10 views

CVE-2025-22144

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when t...

9.8CVSS7.1AI score0.00729EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 10:45 a.m.5 views

CVE-2024-9104

The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated value check in the 'ultimateaichangepass' function. This makes it possible for unauthenticated...

5.6CVSS7.4AI score0.00322EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 10:39 a.m.8 views

CVE-2024-47768

Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacke...

8.1CVSS7AI score0.00508EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/23 10:34 a.m.7 views

CVE-2024-45298

Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up SMTP e-mail's on my server, I tested said e-mails by performing a password reset with my test user. To my shock, not only did it let me res...

4.3CVSS7.1AI score0.00402EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/23 9:41 a.m.8 views

CVE-2024-1525

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their...

5.3CVSS6.8AI score0.00453EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 7:45 a.m.9 views

CVE-2024-28288

Ruijie RG-NBR700GW 10.34b12 router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise...

9.8CVSS7.1AI score0.00724EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 4:45 a.m.6 views

CVE-2023-22591

IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710...

3.9CVSS6.4AI score0.00223EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 3:54 a.m.10 views

CVE-2023-46138

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...

5.3CVSS7.1AI score0.00316EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/23 3:30 a.m.7 views

CVE-2023-26984

An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request...

8.1CVSS6.9AI score0.00917EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 11:5 p.m.8 views

CVE-2022-34530

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames...

5.3CVSS7.1AI score0.00527EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:51 p.m.7 views

CVE-2022-45637

An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism...

9.8CVSS7.2AI score0.00771EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 10:13 p.m.7 views

CVE-2022-20482

In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS6.6AI score0.00157EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:12 p.m.8 views

CVE-2022-36106

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even ...

5.4CVSS7AI score0.00763EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/22 9:59 p.m.7 views

CVE-2022-44004

An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password...

9.8CVSS7AI score0.01182EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 9:10 p.m.10 views

CVE-2021-45603

Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before...

6.1CVSS6.9AI score0.00578EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/22 4:16 p.m.8 views

CVE-2020-13416

An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery CSRF vulnerability for password resets...

6.5CVSS7.2AI score0.0051EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/22 10:31 a.m.7 views

CVE-2019-14089

u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voi...

7.8CVSS7.1AI score0.0016EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 5:18 a.m.8 views

CVE-2012-1598

Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."...

7.5CVSS6.9AI score0.01265EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 5:13 a.m.21 views

CVE-2019-3579

MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter...

5.3CVSS6.7AI score0.0153EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 4:56 a.m.8 views

CVE-2019-19908

phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmcusername parameter to passreset.php is vulnerable...

6.1CVSS6.1AI score0.21232EPSS
Exploits4References1
Rows per page
Query Builder