40 matches found
MAXHUB Pivot client application 授权问题漏洞
The MAXHUB Pivot client application is a client component of a device management platform from MAXHUB Corporation. An authorization issue vulnerability exists in the MAXHUB Pivot client application that stems from a weak password reset mechanism that could lead to account takeover...
EUVD-2024-43216
Malicious code in bioql PyPI...
CVE-2021-41696
An authentication bypass account takeover vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php...
CVE-2025-29995
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targete...
CVE-2025-29995
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targete...
CVE-2025-29995 Account Takeover Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targete...
CVE-2025-29995
The CVE-2025-29995 entry refers to a vulnerability in the CAP back office application caused by a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit the vulnerable API endpoint to achieve account takeover of targeted us...
Rising Technosoft CAP back office application 授权问题漏洞
Rising Technosoft CAP back office application is a back office application from Rising Technosoft India. The Rising Technosoft CAP back office application suffers from an authorization issue vulnerability that stems from a weak password reset mechanism implemented in the API endpoint that allows ...
CVE-2024-48845
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02...
CVE-2024-48845
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02...
ABB ASPECT 安全漏洞
ABB ASPECT is a scalable building energy management and control solution from ABB Switzerland. ABB ASPECT has a security vulnerability that stems from the inclusion of a weak password reset rule vulnerability. An attacker could exploit this vulnerability to gain unauthorized...
CVE-2023-7264
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.22. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code...
CVE-2023-7264 Build App Online <= 1.0.22 - Account Takeover via Weak Password Reset Mechanism
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.22. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code...
CVE-2023-7264
The Build App Online plugin for WordPress (all versions up to 1.0.21) is vulnerable due to a weak password reset mechanism. An unauthenticated attacker can reset arbitrary user passwords by guessing a 4‑digit numeric reset code, enabling account takeover with high impact (C/H/I/A). The connected ...
CVE-2023-7264 Build App Online <= 1.0.22 - Account Takeover via Weak Password Reset Mechanism
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.22. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code...
CVE-2023-43650 Non-MFA account takeover via brute-force attack on weak password reset code in jumpserver
JumpServer is an open source bastion host. The verification code for resetting user's password is vulnerable to brute-force attacks due to the absence of rate limiting. JumpServer provides a feature allowing users to reset forgotten passwords. Affected users are sent a 6-digit verification code,...
CVE-2023-30466
This vulnerability exists in Milesight 4K/H.265 Series NVR models MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC, due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a...
CVE-2023-30466 Authentication Bypass Vulnerability in Milesight Network Video Recorder (NVR)
This vulnerability exists in Milesight 4K/H.265 Series NVR models MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC, due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a...
CVE-2023-30466
CVE-2023-30466 affects Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG/E/T/H/C). The root cause is a weak password-reset mechanism in the NVR web-based management interface, enabling a remote attacker to perform account takeover via specially crafted HTTP requests. The connected sources provid...
CVE-2022-39216 Combodo iTop's weak password reset token leads to account takeover
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1...