3 matches found
CVE-2026-44679
Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes ...
PT-2026-41122
Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes ...
CVE-2026-34408
CVE-2026-34408 affects Gambio 4.9.2.0. The issue is that the password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the user ID is known. Root cause: insecure password reset flow leading to unauthorized password changes. A patch was released in 2024-02 v1.0.0...