3 matches found
CVE-2026-40585 blueprintUE: Password Reset Tokens Have No Expiry Window
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a passwordresetat timestamp. However, the token redemption function findUserIDFromEmailAndToken queries only for a matching...
PT-2026-28346
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description Fleet’s password management logic had a flaw that allowed previously issued password reset tokens to remain valid even after a user changed their password. This meant a stale token could be reused to...
CVE-2026-25809 PlaciPy Code Execution Allowed Without Assessment Active State Validation
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the code evaluation endpoint does not validate the assessment lifecycle state before allowing execution. There is no check to ensure that the assessment has started, is not expired, or the submission...