Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-25 | CVE-2024-38287 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Rhubcom Turbomeeting The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value. | 9.8 |
| 2024-06-16 | CVE-2024-38468 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Guoxinled Synthesis Image System Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API. | 9.8 |
| 2024-06-11 | CVE-2023-7264 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Buildapp Build APP Online The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. | 9.8 |
| 2024-06-10 | CVE-2024-36407 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 6.5 |
| 2024-06-06 | CVE-2024-5277 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Lunary In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. | 7.5 |
| 2024-01-12 | CVE-2023-7028 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address. | 9.8 |
| 2023-11-18 | CVE-2023-4214 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Apppresser The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. | 9.8 |
| 2023-11-08 | CVE-2023-47107 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in THM Pilos PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. | 8.8 |
| 2023-09-19 | CVE-2023-4096 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fujitsu Arconte Aurea 1.5.0.0 Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user. | 8.2 |
| 2023-09-04 | CVE-2023-3222 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password Recovery Project Password Recovery 1.2 Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a 6-digit numeric token. | 7.5 |