3.7.36

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-09	CVE-2022-29933	Weak Password Recovery Mechanism for Forgotten Password vulnerability in Craftcms Craft CMS Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. network low complexity craftcms CWE-640	8.8