Vendor
critical
advisory
blueprintUE Account Takeover Vulnerability (CVE-2026-40588)
2 rules 1 TTP 1 CVEblueprintUE versions prior to 4.2.0 are vulnerable to account takeover due to a missing current password validation on the password change form, allowing attackers with an authenticated session to change the password without knowing the original credential.
blueprintUE
account-takeover
CVE-2026-40588
web-application
2r
1t
1c
medium
advisory
blueprintUE Password Reset Token Vulnerability (CVE-2026-40585)
2 rules 1 TTP 1 CVEblueprintUE versions before 4.2.0 generate password reset tokens that remain valid indefinitely due to the absence of a timestamp validation, allowing attackers to potentially gain unauthorized access via token reuse.
blueprintUE
cve-2026-40585
password-reset
2r
1t
1c