4 matches found
CVE-2025-66307 Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a user enumeration and email disclosure vulnerability exists in Grav. The "Forgot Password" functionality at /admin/forgot leaks...
CVE-2025-66307
CVE-2025-66307 Grav Admin Plugin describes a user enumeration and email disclosure flaw in Grav’s Admin plugin prior to version 1.11.0-beta.1. The vulnerability is triggered via the Forgot Password workflow at /admin/forgot, which leaks a valid user’s email address by returning distinct responses...
CVE-2023-30846
typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with...
PT-2024-35374 · Jenkins · Jenkins Authorize Project Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Authorize Project Plugin versions 1.7.2 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs when a string containing the job name is evaluated with JavaScript on the Authorizatio...