Lucene search
+L

16141 matches found

nuclei
nuclei
added yesterday48 views

OctoberCMS - Account Takeover

octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5. id:...

9.1CVSS7.1AI score0.90418EPSS
Exploits1References3
nuclei
nuclei
added yesterday12 views

ThemeGrill Demo Importer < 1.6.2 - Database Reset

ThemeGrill Demo Importer before 1.6.2 does not require authentication for wiping the database due to a resetwizardactions hook. In versions 1.3.4 and above and versions 1.6.1 and below, there is a vulnerability that allows any unauthenticated user to wipe the entire database to its default state...

9.1CVSS7.1AI score0.03429EPSS
Exploits1References2
nuclei
nuclei
added yesterday16 views

Piwigo - User Enumeration via Password Reset

Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at...

6.9CVSS6.1AI score0.00766EPSS
Exploits1References1
nuclei
nuclei
added yesterday11 views

BMC FootPrints - Authentication Bypass

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability in the password reset functionality. Unauthenticated attackers can access the /footprints/servicedesk/passwordreset/request/ endpoint to obtain a valid SECTOKEN session cookie without proper...

9.1CVSS6.2AI score0.3436EPSS
Exploits4References2
nuclei
nuclei
added yesterday19 views

WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation

Privilege escalation vulnerability exists in the Frontend Login and Registration Blocks plugin for WordPress versions = 1.0.7. An unauthenticated attacker can exploit the AJAX endpoint flrblocksusersettingshandleajaxcallback to change the administrator's email address. Subsequently, the attacker...

9.8CVSS7AI score0.06441EPSS
Exploits4References5
nuclei
nuclei
added yesterday14 views

LiquidFiles < 4.2 - User Enumeration via Password Reset

LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication. id: CVE-2025-56132 info: name: LiquidFiles...

7.3CVSS6.1AI score0.00648EPSS
Exploits1References2
nuclei
nuclei
added yesterday17 views

NocoDB < 0.258.0 - Reflected XSS in Password Reset

NocoDB versions before 0.258.0 contain a reflected cross-site scripting caused by insecure use of '\u003C%-' in resetPassword.ts, letting attackers execute malicious scripts in victims' browsers, exploit requires sending crafted requests to /api/v1/db/auth/password/reset/:tokenId. id:...

6.1CVSS6.1AI score0.00683EPSS
Exploits1References3
nuclei
nuclei
added yesterday13 views

PHP Login System 2.0.1 - Cross-Site Scripting

msaad1999's PHP-Login-System 2.0.1 contains a reflected cross-site scripting caused by unsanitized input in 'validator' parameter in /reset-password, letting remote attackers execute arbitrary JavaScript in a user's browser, exploit requires attacker to craft malicious URL id: CVE-2023-38875 info...

6.1CVSS6.6AI score0.00824EPSS
Exploits0References2
nuclei
nuclei
added yesterday17 views

Profile Builder < 3.4.9 - Improper Authentication

The Profile Builder plugin before 3.4.9 for WordPress allows unauthenticated attackers to gain administrative access by exploiting an improper authentication vulnerability in the password reset functionality. An attacker can reset the password of any user, including administrators, without proper...

10CVSS7AI score0.07696EPSS
Exploits2References2
nuclei
nuclei
added yesterday45 views

iTop - User Enumeration via REST Endpoint

From the webservices/rest.php file, several operations are accessible from an unauthenticated user. One of them is doresetpwd, allowing to reset a user password. This feature can be abused to perform user enumeration when a non-existent user is provided. id: CVE-2024-51739 info: name: iTop - User...

7.5CVSS7AI score0.01259EPSS
Exploits0References3
nuclei
nuclei
added yesterday16 views

Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover

Hippoo Mobile App for WooCommerce WordPress plugin = 1.9.4 contains an authentication bypass caused by logic conflation in user permission checks, letting unauthenticated attackers take over administrator accounts via REST API password reset. id: CVE-2026-10580 info: name: Hippoo Mobile App for...

9.8CVSS6.1AI score0.02841EPSS
Exploits1References2
nuclei
nuclei
added yesterday11 views

LG LED Assistant - Unauthenticated Password Reset

The /api/changePw endpoint in LG LED Assistant allows unauthenticated password resets when requests are considered to come from localhost. An attacker can spoof the X-Forwarded-For header with value 127.0.0.1 to trigger the behavior and receive a success response. id: CVE-2024-2862 info: name: LG...

9.8CVSS6.1AI score0.51001EPSS
Exploits0References3
nvd
nvd
added 2 days ago4 views

CVE-2026-55445

Qinglong is a timed task management platform supporting Python3, JavaScript, Shell, and Typescript. Prior to 2.20.1, the init guard middleware in back/loaders/express.ts checks /api/user/init but not /open/user/init, while rewrite'/open/', '/api/$1' rewrites the whitelisted /open/ path after JWT...

9.3CVSS0.00404EPSS
Exploits0References3
cve
cve
added 2 days ago15 views

CVE-2026-55445

Qinglong vulnerability CVE-2026-55445: Before 2.20.1, the init guard in back/loaders/express.ts checked /api/user/init but not /open/user/init. After a subsequent rewrite of /open/* to /api/$1 (post-auth), an unauthenticated attacker could issue PUT /open/user/init to reset the administrator cred...

9.3CVSS6.1AI score0.00404EPSS
Exploits0References3
euvd
euvd
added 2 days ago5 views

EUVD-2026-44648

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.6CVSS6.2AI score0.00244EPSS
Exploits0References2
cvelist
cvelist
added 2 days ago34 views

CVE-2026-61451 Grav before 1.0.4 Password Reset Token Poisoning via admin_base_url

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.6CVSS0.00244EPSS
Exploits0References2
cve
cve
added 2 days ago5 views

CVE-2026-61451

CVE-2026-61451 affects Grav API plugin (grav-plugin-api)

9.6CVSS6.2AI score0.00244EPSS
Exploits0References2
nvd
nvd
added 5 days ago7 views

CVE-2026-56313

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...

8.1CVSS0.00276EPSS
Exploits0References2
ptsecurity
ptsecurity
added 6 days ago11 views

PT-2026-57416

Name of the Vulnerable Software and Affected Versions The Essential Addons for Elementor versions prior to 6.6.11 Description Insufficient server-side validation of a Login/Register widget setting allows authenticated attackers with Contributor-level access or higher to perform Email Header...

8.8CVSS6.1AI score0.00367EPSS
Exploits0References15
ptsecurity
ptsecurity
added 6 days ago9 views

PT-2026-57403

Name of the Vulnerable Software and Affected Versions SureCart versions prior to 4.2.4 Description An issue exists that allows privilege escalation via account takeover. The software fails to properly validate a user's identity when updating details, such as the email address, during customer...

8.1CVSS6.1AI score0.00302EPSS
Exploits0References9
Rows per page
Query Builder