CVE-2025-56676
TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset feature. The reset token is not correctly bound to the requesting account and may be accepted for other user emails during login, allowing an attacker to log in as any user and potentially escalate privile...