40 matches found
Flowise AccountService resetPassword Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Flowise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resetPassword method of the AccountService class. The issue results from improper...
CVE-2025-13565
A weakness has been identified in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the file /model/user/resetPassword.php. Executing manipulation can lead to weak password recovery. The attack may be performed from remote. The exploit has been made...
CVE-2025-13565
CVE-2025-13565 affects SourceCodester Inventory Management System 1.0. The weakness is in /model/user/resetPassword.php, where manipulation of an unknown function can enable weak password recovery. The vulnerability is exploitable remotely and a public exploit exists. Impact is indicated as weak ...
SourceCodester Inventory Management System Authorization Issue Vulnerability
SourceCodester Inventory Management System is a SourceCodester open source inventory management system. An authorization issue vulnerability exists in SourceCodester Inventory Management System version 1.0, which stems from the incorrect manipulation of a parameter by an unknown function in the...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23567)
AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter l of /clt/resetPassword.asp, which can be exploited by an attacke...
CVE-2025-59747 Multiple vulnerabilities in AndSoft's e-TMS
Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' parameter in...
CVE-2025-5782 PHPGurukul Employee Record Management System resetpassword.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Employee Record Management System 1.3. Affected by this issue is some unknown functionality of the file /resetpassword.php. The manipulation of the argument newpassword leads to sql injection. The attack may be launch...
CVE-2019-14277
Axway SecureTransport 5.x through 5.3 or 5.x through 5.5 with certain API configuration is vulnerable to unauthenticated blind XML injection and XXE in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks i.e., SSRF...
CVE-2019-3578
MyBB 1.8.19 has XSS in the resetpassword function...
CVE-2024-38468
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API...
CVE-2024-38468
CVE-2024-38468 affects Shenzhen Guoxin Synthesis Image System prior to version 8.3.0. The vulnerability allows unauthorized password resets via the resetPassword API, exposing high-severity impact (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Affected component is the image system’s resetPass...
CVE-2024-28270
An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword...
CVE-2024-3018
The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the 'errorresetpassword' attribute of the "Login | Register Form" widget disabled by default. This makes it possib...
PT-2024-23230 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.13 Description: The issue allows authenticated attackers with author-level access and above to inject a PHP Object via deserialization of untrusted inp...
PT-2023-22524 · Unknown · Ningzichun Student Management System
Name of the Vulnerable Software and Affected Versions: ningzichun Student Management System version 1.0 Description: A critical issue affects some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the sid argument leads to weak passwo...
CVE-2016-15014
A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials...
CVE-2016-15014
Summary: CVE-2016-15014 affects the CESNET theme-cesnet for ownCloud up to version 1.x. The issue concerns an unknown function in cesnet/core/lostpassword/templates/resetpassword.php that results in insufficiently protected credentials. Exploitation is described as local-only. The recommended fix...
theme-cesnet Security Vulnerability
theme-cesnet is a CESNET open source custom CESNET theme for ownCloud. A security vulnerability exists in CESNET theme-cesnet versions prior to 2.0.0, which stems from a problem with an unknown function in the file cesnet/core/lostpassword/templates/resetpassword.php, which can lead to insufficie...
CVE-2020-35847
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function...