Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-30 | CVE-2022-26872 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in AMI Megarac Sp-X 12/13. AMI Megarac Password reset interception via API | 8.8 |
2023-01-19 | CVE-2015-10071 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitter EZ Publish Modern Legacy. A vulnerability was found in gitter-badger ezpublish-modern-legacy. | 7.5 |
2023-01-12 | CVE-2022-25027 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Rocketsoftware Trufusion Enterprise. The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked. | 7.5 |
2022-12-26 | CVE-2020-12067 | In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password. | 7.5 |
2022-12-12 | CVE-2022-3485 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in IFM Moneo Qha200 Firmware and Moneo Qha210 Firmware. In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device. | 9.8 |
2022-11-16 | CVE-2022-44004 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Backclick 5.9.63. An issue was discovered in BACKCLICK Professional 5.9.63. | 9.8 |
2022-07-06 | CVE-2022-23172 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Priority-Software Priority. An attacker can access the "Forgot my password" button; as soon as he enters a user that is valid in the system, the system issues a message that a password reset email has been sent to the user. | 4.0 |
2022-05-17 | CVE-2022-29174 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Count Countly Server. countly-server is the server-side part of Countly, a product analytics solution. | 6.8 |
2022-05-09 | CVE-2022-29933 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Craftcms Craft CMS. Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. | 6.8 |
2022-04-28 | CVE-2022-24892 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Shopware. Shopware is an open source e-commerce software platform. | 6.8 |