Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-06-06 | CVE-2024-5277 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Lunary | In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. | 7.5 |
2024-01-12 | CVE-2023-7028 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab | An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address. | 9.8 |
2023-11-18 | CVE-2023-4214 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Apppresser | The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 4.2.5. | 9.8 |
2023-11-08 | CVE-2023-47107 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in THM Pilos | PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. | 8.8 |
2023-09-19 | CVE-2023-4096 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fujitsu Arconte Aurea 1.5.0.0 | Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, whose exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user. | 8.2 |
2023-09-04 | CVE-2023-3222 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password Recovery Project Password Recovery 1.2 | Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user's password by adding a 6-digit numeric token. | 7.5 |
2023-06-28 | CVE-2023-26615 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dlink Dir-823G Firmware 1.02B05 | D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password. | 7.5 |
2023-05-31 | CVE-2023-3007 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Student Management System Project Student Management System 1.0 | A vulnerability was found in ningzichun Student Management System 1.0. | 9.8 |
2023-05-24 | CVE-2023-31459 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mitel Mivoice Connect | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. | 8.8 |
2023-04-28 | CVE-2023-28821 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Concretecms Concrete CMS | Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets. | 5.3 |