Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-06 | CVE-2024-6203 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Haloservicesolutions Haloitsm HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. | 8.1 |
2024-07-25 | CVE-2024-38287 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Rhubcom Turbomeeting The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value. | 9.8 |
2024-06-16 | CVE-2024-38468 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Guoxinled Synthesis Image System Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API. | 9.8 |
2024-06-10 | CVE-2024-36407 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 6.5 |
2024-06-03 | CVE-2024-5404 | An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak password recovery mechanism. | 9.8 |
2024-02-13 | CVE-2024-22454 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dell Powerprotect Data Manager Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. | 8.8 |
2024-01-13 | CVE-2024-0491 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Huaxiaerp Huaxia ERP A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. | 7.5 |
2024-01-12 | CVE-2023-7028 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address. | 9.8 |
2024-01-11 | CVE-2024-0425 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Foru CMS Project Foru CMS 20200623 A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. | 7.5 |
2024-01-10 | CVE-2023-50172 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wwbn Avideo 15Fed957Fb A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. | 5.3 |