CVE-2026-35675

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via...

StrangeBee TheHive 安全漏洞

StrangeBee TheHive is an application from StrangeBee, Inc. A security vulnerability exists in StrangeBee TheHive versions prior to 5.5.1, which stems from an unrestricted password reset feature that could lead to mailbox storage exhaustion or SMTP server overload...