Lucene search
K

87 matches found

NVD
NVD
added 6 days ago4 views

CVE-2026-55207

Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, an unauthenticated attacker who knows a valid admin username can take over any Pimcore admin account by sending a password reset request with an attacker-controlled resetPasswordUrl. The server...

8.8CVSS0.0035EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56933

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 2025.4.6 Pimcore versions prior to 2026.1.6 Description An unauthenticated attacker who knows a valid admin username can take over an admin account by sending a password reset request containing an attacker-controlled...

8.8CVSS6.1AI score0.0035EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/02 8:33 a.m.7 views

EUVD-2026-41267

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.11. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS5.9AI score0.00283EPSS
Exploits0References6
CVE
CVE
added 2026/07/02 8:33 a.m.16 views

CVE-2026-12472

The CVE-2026-12472 entry concerns the Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin. It states an authorization bypass in all versions up to 6.0.11, enabling unauthenticated attackers to send arbitrary HTML-injected emails via the site’s mail server, potentially phi...

5.3CVSS5.9AI score0.00283EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 6:49 a.m.6 views

CVE-2026-7761

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: 1 an MD5 hash fallback in getdirectorybyhash that allows any post to be used as a member directory ...

8.8CVSS5.9AI score0.00499EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/24 6:49 a.m.41 views

CVE-2026-7761 Ultimate Member <= 2.11.4 - Authenticated (Contributor+) Account Takeover via Password Reset Link Disclosure

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: 1 an MD5 hash fallback in getdirectorybyhash that allows any post to be used as a member directory ...

8.8CVSS0.00499EPSS
Exploits0References10
CVE
CVE
added 2026/06/24 6:49 a.m.10 views

CVE-2026-7761

CVE-2026-7761 affects the WordPress plugin Ultimate Member up to version 2.11.4. The description in connected sources details a chain of three logic flaws causing account takeover via password reset URL disclosure: (1) an MD5 hash fallback in get_directory_by_hash() allows routing to a crafted po...

8.8CVSS5.9AI score0.00499EPSS
Exploits0References10
Snyk
Snyk
added 2026/06/05 3:59 p.m.7 views

Cross-site Scripting (XSS)

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Cross-site Scripting XSS in the password reset. An attacker can execute arbitrary JavaScript in the context of the application by crafting a malicious password reset link and convincing a victim to follow it. This...

6.1CVSS5.3AI score0.00262EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 4:43 p.m.45 views

CVE-2026-48902

CVE-2026-48902 affects Joomla! Core. The password/username reset features generate plain http links for https connections when Force SSL is not explicitly enabled, enabling possible credential exposure via downgraded transport. The issue is documented across multiple feeds (e.g., JOOMLA-1050) and...

9.8CVSS5.8AI score0.0019EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.21 views

PT-2026-41155

Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.0 Description The password reset flow in the resetRequest route of the modules/@apostrophecms/login/index.js component constructs the reset URL using req.hostname. When apos.baseUrl is not explicitly...

8.1CVSS5.2AI score0.0025EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/04 7:27 a.m.6 views

Weak Password Recovery Mechanism for Forgotten Password

Overview phpbb/phpbb is a Forum Software application. Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the forceservervars configuration being disabled. An attacker can cause password reset emails to contain links to attacker-controll...

9.3CVSS5.8AI score0.00249EPSS
Exploits0References2
NVD
NVD
added 2026/05/04 7:15 a.m.11 views

CVE-2026-29199

phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When forceservervars is disabled, the servers hostname may be extracted from the HTTP Host header which is used to generate the password reset link URL. An attacker who can manipulate the Hos...

8.1CVSS0.00249EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 5:42 a.m.47 views

CVE-2026-29199

CVE-2026-29199 affects phpBB prior to 3.3.16. The issue is a Host Header Injection in which, when force_server_vars is disabled, the server hostname is sourced from the HTTP Host header to build the password reset URL. An attacker who can control or influence the Host header can cause password re...

8.1CVSS5.8AI score0.00249EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/04 5:42 a.m.49 views

CVE-2026-29199

phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When forceservervars is disabled, the servers hostname may be extracted from the HTTP Host header which is used to generate the password reset link URL. An attacker who can manipulate the Hos...

0.00249EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-36770

Name of the Vulnerable Software and Affected Versions phpBB versions prior to 3.3.16 Description Host Header Injection occurs when force server vars is disabled, allowing the server's hostname to be extracted from the HTTP Host header to generate password reset link URLs. An attacker capable of...

8.1CVSS5.8AI score0.00249EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/23 7:33 p.m.13 views

EUVD-2026-25291

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introduces the risk of a man-in-the-middle...

7.5CVSS5.8AI score0.00192EPSS
Exploits1References2
Veracode
Veracode
added 2026/04/10 3:25 p.m.11 views

Host Header Injection

github.com/zitadel/zitadel is vulnerable to Host Header Injection. The vulnerability is due to improper validation of the Forwarded or X-Forwarded-Host headers when generating password reset links, which allows an attacker to manipulate the link to a malicious domain and capture the reset code,...

8.8CVSS5.8AI score0.00345EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/24 6:1 p.m.4 views

CVE-2026-33417 Wallos: Password Reset Tokens Never Expire

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in Wallos never expire. The passwordresets table includes a createdat timestamp column, but the token validation logic never checks it. A password reset token remains valid...

6.5CVSS5.7AI score0.00264EPSS
Exploits1References2
NVD
NVD
added 2026/03/16 2:18 p.m.4 views

CVE-2025-69240

Raytha CMS allows an attacker to spoof X-Forwarded-Host or Host headers to attacker controlled domain. The attacker who knows the victim's email address can force the server to send an email with password reset link pointing to the domain from spoofed header. When victim clicks the link, browser...

8.8CVSS0.0015EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 2:49 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview studiocms is an A Community-Driven Astro native CMS. Built from the ground up by the Astro community. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to...

7.2CVSS5.8AI score0.00344EPSS
Exploits1References2
Rows per page
Query Builder