7 matches found
CVE-2025-62406
Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's...
CVE-2025-62406
Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's...
CVE-2025-62406 Piwigo is vulnerable to one-click account takeover by modifying the password-reset link
Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's...
CVE-2025-62406 Piwigo is vulnerable to one-click account takeover by modifying the password-reset link
Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's...
CVE-2025-62406 Piwigo is vulnerable to one-click account takeover by modifying the password-reset link
Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's...
PT-2025-47413
Name of the Vulnerable Software and Affected Versions Piwigo versions prior to 15.7.0 Description Piwigo is a photo gallery application for the web. The password reset function in versions prior to 15.7.0 does not validate the hostname used in the password-reset URL, which is taken directly from...
PT-2023-13456 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 15.5.7 GitLab CE/EE versions 15.6.0 through 15.6.3 GitLab CE/EE versions 15.7.0 through 15.7.1 Description: An issue has been discovered in GitLab CE/EE where a crafted Prometheus Server query can cause high...