2 matches found
PT-2025-48087
Name of the Vulnerable Software and Affected Versions Veal98 Echo Open-Source Community System versions 2.2 through 2.3 Description An unauthenticated attacker can cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint. This could lead t...
User enumeration via forget password
Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks...