5 matches found
CVE-2026-5779 Multiple vulnerabilities in MphRx's Minerva
An insecure direct object reference (IDOR) vulnerability exists in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an...
Silverpeas Core Username Enumeration Vulnerability
A user enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter...
PT-2025-35568
Name of the Vulnerable Software and Affected Versions: Silverpeas versions 6.4.1 through 6.4.2 Description: A user enumeration issue exists in the /CredentialsServlet/ForgotPassword endpoint. This allows remote attackers to determine valid usernames via the Login parameter. Recommendations:...
PT-2025-3969 · Facile Sistemas · Facile Sistemas Cloud Apps
Name of the Vulnerable Software and Affected Versions: Facile Sistemas Cloud Apps up to 20250107 Description: A vulnerability was found in the Password Reset Handler component of Facile Sistemas Cloud Apps, affecting an unknown function of the file /account/forgotpassword. The manipulation of the...
PT-2024-27750 · Gladinet · Gladinet Centrestack
Name of the Vulnerable Software and Affected Versions: Gladinet CentreStack version 13.12.9934.54690 Description: A reflected cross-site scripting (XSS) issue allows attackers to inject malicious JavaScript into a victim's web browser via the sessionId parameter at the "/portal/ForgotPassword.aspx"...