Lucene search
K

12 matches found

EUVD
EUVD
added 2026/03/10 6:31 p.m.4 views

EUVD-2025-208507

Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31...

9.4CVSS5.8AI score0.00389EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/10 12:0 a.m.2 views

CVE-2025-69614

Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31...

5.8AI score0.00389EPSS
Exploits0References2
CVE
CVE
added 2024/06/16 12:0 a.m.93 views

CVE-2024-38468

CVE-2024-38468 affects Shenzhen Guoxin Synthesis Image System prior to version 8.3.0. The vulnerability allows unauthorized password resets via the resetPassword API, exposing high-severity impact (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Affected component is the image system’s resetPass...

9.8CVSS7.2AI score0.00421EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/22 4:15 p.m.42 views

Sql injection

The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function userproprocessform. The function uses the plainte...

7.5CVSS6.5AI score0.00903EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2023/09/13 3:15 a.m.8 views

CVE-2023-4915

The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function in the WP User Control Widget. The functi...

5.3CVSS5.3AI score0.00377EPSS
Exploits0References2
CVE
CVE
added 2023/09/13 2:54 a.m.58 views

CVE-2023-4915

CVE-2023-4915 concerns the WP User Control WordPress plugin. The vulnerability stems from using native password-reset functionality with insufficient validation in the WP User Control Widget, allowing unauthorized password resets for versions up to and including 1.5.3. The attacker can initiate a...

5.3CVSS5.7AI score0.00377EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/04/27 12:15 a.m.29 views

CVE-2023-2297

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function...

9.8CVSS7.1AI score0.00987EPSS
Exploits1References4
OSV
OSV
added 2023/04/27 12:15 a.m.5 views

CVE-2023-2297

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function...

8.1CVSS5.8AI score0.00987EPSS
Exploits1References4
CVE
CVE
added 2023/04/26 11:30 p.m.56 views

CVE-2023-2297

CVE-2023-2297 affects the WordPress Profile Builder plugin (versions ≤ 3.9.0). The root cause is insecure password reset handling: the plugin uses the plaintext reset key rather than a hashed value in wppb_front_end_password_recovery, enabling unauthorized password resets. The advisory notes that...

9.8CVSS7.1AI score0.00987EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2023/04/26 11:30 p.m.41 views

CVE-2023-2297 Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function...

9.8CVSS7.8AI score0.00987EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/02/14 12:0 a.m.7 views

Kiteworks MFT 安全漏洞

Kiteworks Mft is a software for securely managing internal and external data transfers from Kiteworks USA. A security vulnerability exists in Kiteworks MFT that could allow an unauthorized user to reset another user's password. This issue is fixed in version 7.6 and later...

6.5CVSS6.5AI score0.00834EPSS
Exploits0References3
NVD
NVD
added 2013/04/25 11:55 p.m.29 views

CVE-2013-0233

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass...

6.8CVSS7AI score0.14126EPSS
Exploits3References7
Rows per page
Query Builder