CVE-2026-50635

LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default and documented configuration, so LSHttpRequest::checkIsAllowedHost results in no operation....

OneUptime has authorization bypass via client‑controlled is-multi-tenant-query header that leads to cross‑tenant data exposure and account takeover

Summary A low‑privileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 by sending a forged is-multi-tenant-query header together with a controlled projectid header. Because the server trusts this client-supplied header, internal permission checks in BasePermission are...

Weak Password Recovery Mechanism for Forgotten Password

Overview Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password in the password reset process. An attacker can gain unauthorized access to user accounts by injecting a malicious password reset link and capturing the reset token if the legitimat...

PT-2026-8041

Name of the Vulnerable Software and Affected Versions Known versions prior to 1.6.3 Known version 1.6.2 Description A critical broken authentication issue exists in Known. The application reveals the password reset token within a hidden HTML input field on the password reset page. This allows an...

GHSA-WGPV-6J63-X5PH Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover

Summary The forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker to generate a reset token for arbitrary users and directly reset their password, leading to a complete account...

CVE-2025-52898 Frappe account takeover via password reset token leakage

Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access to a user's password reset token. This can only be exploited on self hosted instances configured in a certain way. Frappe Cloud users...

PT-2022-28185 · Unknown · Redwood Dbauth

Name of the Vulnerable Software and Affected Versions: Redwood dbAuth versions 0.38.0 through 3.3.0 Redwood dbAuth versions 0.38.0 through 2.2.4 Description: This issue affects the dbAuth "forgot password" feature in Redwood, allowing a malicious user to obtain a reset token for any user given...