CVE-2025-62512
Piwigo 15.x (tested up to 15.5.0) is affected by CVE-2025-62512 through its password reset endpoint password.php?action=lost, which leaks whether a username/email exists by returning distinct messages for valid vs invalid accounts. The vulnerability enables unauthenticated user enumeration and ha...
CVE-2025-62512 Piwigo Vulnerable to User Enumeration via Password Reset Endpoint
Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at...
PT-2026-21770
Name of the Vulnerable Software and Affected Versions: Piwigo versions prior to 15.5.0. Description: Piwigo is a photo gallery application for the web. The password reset functionality allows an unauthenticated attacker to determine if a given username or email address exists in the system. The...
Frappe Cross-Site Scripting Vulnerability
Frappe Technologies Frappe is a Python, MariaDB-based web development framework with integrated front-end pages from Frappe Technologies, India. A cross-site scripting vulnerability exists in Frappe versions prior to 14.59.0, 15.5.0 and 15.5.0, which stems from a cross-site scripting vulnerabilit...