Lucene search
K

7 matches found

Snyk
Snyk
added 2026/06/04 7:27 p.m.2 views

Weak Password Recovery Mechanism for Forgotten Password

Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password in the userrecovery process. An attacker can gain unauthorized access to any admin account by triggering a password recovery for th...

7.6CVSS5.8AI score0.00034EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/12 8:20 a.m.8 views

CVE-2026-7652

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

5.3CVSS5.8AI score0.00719EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/09 2:25 a.m.13 views

EUVD-2026-28881

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

5.3CVSS5.8AI score0.00719EPSS
Exploits0References15
Cvelist
Cvelist
added 2025/12/04 9:44 p.m.21 views

CVE-2025-53704 MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten Password

The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account...

8.7CVSS0.00257EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/14 12:39 p.m.5 views

CVE-2025-8855 2FA Expiry Bypass in Optimus Software's Brokerage Automation

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry...

8.1CVSS5.4AI score0.00341EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/23 9:51 p.m.2 views

CVE-2025-61977 AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password

A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question...

7.3CVSS6.7AI score0.0013EPSS
Exploits0References4
CVE
CVE
added 2025/10/23 9:51 p.m.10 views

CVE-2025-61977

CVE-2025-61977 concerns AutomationDirect Productivity Suite, version 4.4.1.19. The connected sources describe a vulnerability in the weak password recovery mechanism for forgotten passwords, which allows an attacker to decrypt an encrypted project by answering a single recovery question. The CVSS...

7.3CVSS6.7AI score0.0013EPSS
Exploits0References4
Rows per page
Query Builder