13 matches found
CVE-2026-41931
Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...
EUVD-2026-27887
Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...
CVE-2026-21622 Password Reset Tokens Do Not Expire
Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Accounts.PasswordReset' module allows Account Takeover. Password reset tokens generated via the "Reset your password" flow do not expire. When a user requests a password reset, Hex sends an email containing a reset...
CVE-2020-10966
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name...
CVE-2025-2910 User enumeration vulnerability in MeetMe products
User enumeration in the password reset module of the MeetMe authentication service in versions prior to 2024-09 allows an attacker to determine whether an email address is registered through specific error messages...
CVE-2025-2910
CVE-2025-2910 concerns MeetMe, specifically the authentication service's password reset module. The vulnerability enables user enumeration by responding with distinct error messages that reveal whether an email address is registered, affecting versions prior to 2024-09. Affected software/componen...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the errorstateread function of the drm/i915/reset module that uses a null pointer at a non-zero offset...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the reset module to properly handle null member accesses when processing the StarFive JH7110 So...
PT-2023-20588 · Forcepoint · Forcepoint Web Security +1
Name of the Vulnerable Software and Affected Versions: Forcepoint Cloud Security Gateway CSG versions prior to 03/29/2023; Forcepoint Web Security versions prior to 03/29/2023. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site...
CVE-2020-10966
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name...
Design/Logic Flaw
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name...
CVE-2020-10966
Summary (CVE-2020-10966): The vulnerability affects Vesta Control Panel and Hestia Control Panel Password Reset Module. Through versions VestaCP up to 0.9.8-25 (and Hestia up to 1.1.1), an attacker can manipulate the Host header to cause an account takeover, as the reset URL delivered to the vict...
CVE-2020-10966
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name...