Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2024-01-13 | CVE-2024-0491 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Huaxiaerp Huaxia ERP | A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. | network, low complexity, huaxiaerp, CWE-640 | 7.5 |
| 2024-01-12 | CVE-2023-7028 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab | An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address. | network, low complexity, gitlab, CWE-640 | 7.5 |
| 2024-01-11 | CVE-2024-0425 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Foru CMS Project Foru CMS | A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. | network, low complexity, foru-cms-project, CWE-640 | 7.5 |
| 2024-01-10 | CVE-2023-50172 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wwbn Avideo 15Fed957Fb | A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. | network, low complexity, wwbn, CWE-640 | 5.3 |
| 2024-01-02 | CVE-2024-0186 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Huiran Host Reseller System Project Huiran Host Reseller System | A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. | | 8.1 |
| 2023-11-30 | CVE-2023-49097 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Zitadel | ZITADEL is an identity infrastructure system. | network, low complexity, zitadel, CWE-640 | 8.8 |
| 2023-11-18 | CVE-2023-4214 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Apppresser | The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. | network, low complexity, apppresser, CWE-640 | critical 9.8 |
| 2023-11-11 | CVE-2023-5959 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Byzoro Smart S85F Firmware V31R02B1001 | A vulnerability, which was classified as problematic, was found in Beijing Baichuo Smart S85F Management Platform V31R02B10-01. | low complexity, byzoro, CWE-640 | 4.3 |
| 2023-11-08 | CVE-2023-47107 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in THM Pilos | PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. | network, low complexity, thm, CWE-640 | 8.8 |
| 2023-10-31 | CVE-2023-46138 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fit2Cloud Jumpserver | JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. | network, low complexity, fit2cloud, CWE-640 | 5.3 |