Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-06 | CVE-2024-5277 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Lunary In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. | 7.5 |
| 2024-06-03 | CVE-2024-5404 | An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak password recovery mechanism. | 9.8 |
| 2024-02-13 | CVE-2024-22454 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dell Powerprotect Data Manager Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. | 8.8 |
| 2024-01-13 | CVE-2024-0491 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Huaxiaerp Huaxia ERP A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. | 7.5 |
| 2024-01-12 | CVE-2023-7028 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address. | 9.8 |
| 2024-01-11 | CVE-2024-0425 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Foru CMS Project Foru CMS 20200623 A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. | 7.5 |
| 2024-01-10 | CVE-2023-50172 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wwbn Avideo 15Fed957Fb A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. | 5.3 |
| 2024-01-02 | CVE-2024-0186 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Huiran Host Reseller System Project Huiran Host Reseller System A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. | 8.1 |
| 2023-12-12 | CVE-2023-42481 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in SAP Commerce Cloud 8.1 In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. | 8.1 |
| 2023-11-30 | CVE-2023-49097 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Zitadel ZITADEL is an identity infrastructure system. | 8.8 |