CVE-2026-26273
Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve...
CVE-2026-26273
Known (social publishing platform) prior to version 1.6.3 contains a critical Broken Authentication weakness in 1.6.2 and earlier: the password reset token is leaked in a hidden HTML input field on the password reset page, allowing unauthenticated attackers to retrieve the token by querying the u...
USN-4224-1 python-django vulnerability
Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts...