7 matches found
Weak Password Recovery Mechanism for Forgotten Password
Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password in the userrecovery process. An attacker can gain unauthorized access to any admin account by triggering a password recovery for th...
CVE-2026-7652
The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...
EUVD-2026-28881
The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...
CVE-2025-53704 MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten Password
The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account...
CVE-2025-8855 2FA Expiry Bypass in Optimus Software's Brokerage Automation
Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry...
CVE-2025-61977 AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password
A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question...
CVE-2025-61977
CVE-2025-61977 concerns AutomationDirect Productivity Suite, version 4.4.1.19. The connected sources describe a vulnerability in the weak password recovery mechanism for forgotten passwords, which allows an attacker to decrypt an encrypted project by answering a single recovery question. The CVSS...