Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the forgot password process. An attacker can gain unauthorized access to user accounts by manipulating the Host header to inject custom domains into the password reset link sent to users...
CVE-2026-27812
Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning Host Header / Forwarded Header trust issue, which allows attackers to manipulate the password reset link...
CVE-2026-27812
Sub2API (AI API gateway) contains a Password Reset Poisoning flaw in versions before 0.1.85, caused by a Host/Forwarded Header trust issue that lets an attacker inject their own domain into the password reset link and potentially take over an account. The issue is addressed in v0.1.85. If upgradi...
EUVD-2025-24567
Malicious code in bioql PyPI...
OMERO.web displays unnecessary user information when requesting password reset
Background If an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. Impact OMERO.web before 5.29.1 Patches Users should upgrade to 5.29.2 or higher Workarounds Disable t...
GHSA-GPMG-4X4G-MR5R OMERO.web displays unnecessary user information when requesting password reset
Background If an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. Impact OMERO.web before 5.29.1 Patches Users should upgrade to 5.29.2 or higher Workarounds Disable t...
CVE-2025-54791 OMERO.web displays unnecessary user information when requesting to reset the password
OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...
PT-2025-32994 · Omero.Web · Omero.Web
Name of the Vulnerable Software and Affected Versions: OMERO.web versions prior to 5.29.2 Description: OMERO.web provides a web-based client and plugin infrastructure. If an error occurred when resetting a user's password using the Forgot Password option, the error message displayed on the webpag...
PT-2024-25996 · Sunhillo · Sunhillo Sureline
Name of the Vulnerable Software and Affected Versions: Sunhillo SureLine versions through 8.10.0 Description: The issue allows for cgi/usrPasswd.cgi userid change XSS within the Forgot Password feature. This can be exploited through the /cgi/usrPasswd.cgi endpoint, specifically targeting the user...
PT-2019-4343 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.837 Description: The issue concerns a CSRF vulnerability in the forgot password function, allowing an attacker to change the password for the root account. This vulnerability can be exploited by a remote attacke...