4 matches found
CVE-2026-39912
V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the loginwithmaillinkenable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receiv...
CVE-2026-39912
creationtimestamp| type| source ---|---|--- 2026-04-09 19:00:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/79626 2026-04-09 19:00:16+00:00| published-proof-of-concept| Telegram/D93PNV0ZDDhFcNAz6Y8rIrXVIHC8JbrFVB09wwsI3cT7dE 2026-04-09 21:00:05+00:00| published-proof-of-concept|...
CVE-2026-39912 v2board / Xboard Authentication Token Exposure via loginWithMailLink
V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the loginwithmaillinkenable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receiv...
Exploit for CVE-2026-39912
CVE-2026-39912 - Xboard / V2Board Unauth Account Takeover M...