10 matches found
CVE-2026-40588 blueprintUE: Authenticated Password Change Does Not Verify Current Password
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at /profile/slug/edit/ does not include a currentpassword field and does not verify the user's existing password before accepting a new one. Any attacker who obtains a valid authenticated session —...
CVE-2026-40585 blueprintUE: Password Reset Tokens Have No Expiry Window
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a passwordresetat timestamp. However, the token redemption function findUserIDFromEmailAndToken queries only for a matching...
CVE-2025-62057
CVE-2025-62057 is an XSS vulnerability in the WordPress plugin Houzez Theme - Functionality (versions
CVE-2025-62057 WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality. This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...
WordPress Houzez theme < 4.2.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by ? in WordPress Theme Houzez versions 4.2.0...
Drupal Mail Login security vulnerability
Drupal Mail Login is an email address login plugin for the Drupal community. A security vulnerability exists in Drupal Mail Login versions prior to 3.2.0 and prior to 4.2.0, which stems from an improperly restricted authentication attempt that could lead to a brute force cracking attack...
Litespeed Technologie LiteSpeed QUIC (LSQUIC) security vulnerability
Litespeed Technologie LiteSpeed QUIC LSQUIC is an open source implementation of QUIC and HTTP/3 functionality for servers and clients from Litespeed Technologie, USA. A security vulnerability exists in Litespeed Technologie LiteSpeed QUIC LSQUIC prior to version 4.2.0 that stems from the presence...
PT-2024-1846 · Wireshark +2 · Wireshark +2
Name of the Vulnerable Software and Affected Versions: Wireshark versions prior to 4.2.0 Description: The issue is related to a buffer overflow in the pan/addr resolv.c component of Wireshark, which can be exploited by a remote attacker to cause a denial of service. The ws manuf lookup str functi...
Mattermost Server is vulnerable to XSS through display name field
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS...
CVE-2019-19885
In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0...