Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-04 | CVE-2023-3222 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password Recovery Project Password Recovery 1.2 Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a 6-digit numeric token. | 7.5 |
| 2023-08-21 | CVE-2023-4448 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Openrapid Rapidcms 1.3.1 A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. | 9.8 |
| 2023-07-19 | CVE-2023-35134 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Weintek Weincloud 0.13.6 Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only. | 5.9 |
| 2023-06-28 | CVE-2023-26615 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dlink Dir-823G Firmware 1.02B05 D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password. | 7.5 |
| 2023-05-31 | CVE-2023-3007 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Student Management System Project Student Management System 1.0 A vulnerability was found in ningzichun Student Management System 1.0. | 9.8 |
| 2023-05-24 | CVE-2023-31459 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mitel Mivoice Connect A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. | 8.8 |
| 2023-04-28 | CVE-2023-28821 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Concretecms Concrete CMS Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets. | 5.3 |
| 2023-04-28 | CVE-2023-30466 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Milesight products This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. | 9.8 |
| 2023-04-27 | CVE-2023-31287 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Serenity Serene and Startsharp An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. | 7.8 |
| 2023-04-20 | CVE-2021-36436 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mobicint 3.0 An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint. | 5.3 |