Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-14 | CVE-2024-45670 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Soar IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism. | 8.1 |
| 2024-10-25 | CVE-2024-48428 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Olivegroup Olivevle An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password function. | 9.8 |
| 2024-10-25 | CVE-2024-9302 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Appcheap APP Builder The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. | 9.8 |
| 2024-10-16 | CVE-2024-9305 | The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. | 8.1 |
| 2024-09-25 | CVE-2024-8878 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Riello-Ups Netman 204 Firmware 02.05 The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05. | 9.8 |
| 2024-09-11 | CVE-2024-8692 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tduckcloud Tduckpro A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. | 9.8 |
| 2024-08-06 | CVE-2024-6203 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Haloservicesolutions Haloitsm HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. | 8.1 |
| 2024-07-25 | CVE-2024-38287 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Rhubcom Turbomeeting The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value. | 9.8 |
| 2024-06-16 | CVE-2024-38468 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Guoxinled Synthesis Image System Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API. | 9.8 |
| 2024-06-10 | CVE-2024-36407 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 6.5 |