CVE-2024-12776

CVSS v3 Score
8.1
High

Vulnerability Description

In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulnerability can lead to a complete compromise of the application.

CVSS:8.1(High)

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require vali...

CVSS:8.2(High)

Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.

CVSS:7.8(High)

When the device is in factory state, the shell can be accessed without the adb authentication process. The LG ID is LVE-SMP-210010.

CVSS:7.7(High)

Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0.

CVSS:7.6(High)

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate software updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart...

CVSS:8.6(High)

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.