Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-25 | CVE-2024-38287 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Rhubcom Turbomeeting: The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value. | 9.8 |
2024-06-16 | CVE-2024-38468 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Guoxinled Synthesis Image System: Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API. | 9.8 |
2024-06-11 | CVE-2023-7264 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Buildapp Build APP Online: The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. | 9.8 |
2024-06-10 | CVE-2024-36407 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Salesagility Suitecrm: SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 6.5 |
2024-06-06 | CVE-2024-5277 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Lunary: In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. | 7.5 |
2024-03-25 | CVE-2024-2862 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in LG LED Assistant 2.1.65: This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. | 9.8 |
2024-01-12 | CVE-2023-7028 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab: An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address. | 9.8 |
2023-11-18 | CVE-2023-4214 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Apppresser: The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. | 9.8 |
2023-11-08 | CVE-2023-47107 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in THM Pilos: PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. | 8.8 |
2023-09-27 | CVE-2023-43650 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fit2Cloud Jumpserver: JumpServer is an open source bastion host. | 7.4 |