Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    CISA warns admins to patch actively exploited SharePoint flaws

    July 15, 2026

    ​ ​AsyncAPI npm packages infected with credential-stealing malware

    July 15, 2026

    We built a vulnerability vending machine: AI tokens in, zero-days out

    July 15, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»Alerts»CVE-2026-10169 | THREATINT
    Alerts

    CVE-2026-10169 | THREATINT

    adminBy adminMay 30, 2026No Comments1 Min Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Home

    Description

    A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax_forgot_password of the file application/controllers/Login.php of the component Forgot Password Endpoint. The manipulation of the argument email results in weak password recovery. The attack can be launched remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit is now public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.

    PUBLISHED Reserved 2026-05-30 | Published 2026-05-31 | Updated 2026-05-31 | Assigner VulDB

    MEDIUM: 6.3CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

    LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

    LOW: 3.7CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

    2.6AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

    Problem types

    Weak Password Recovery

    Product status

    1e70e5ad1125b86dca4ee086eb6bb121f17708b6
    affected

    Timeline

    2026-05-30: Advisory disclosed
    2026-05-30: VulDB entry created
    2026-05-30: VulDB entry last update

    Credits

    seventeenss (VulDB User) reporter

    VulDB CNA Team coordinator

    References

    vuldb.com/vuln/367423 (VDB-367423 | OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery) vdb-entry technical-description

    vuldb.com/vuln/367423/cti (VDB-367423 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

    vuldb.com/submit/819395 (Submit #819395 | OUSL-GROUP-BrinaryBrains School-Student-Management-System 1.0 Account Enumeration and Arbitrary Password Reset in Forgot Passw) third-party-advisory

    github.com/…ins/School-Student-Management-System/issues/26 exploit issue-tracking

    cve.org (CVE-2026-10169)

    nvd.nist.gov (CVE-2026-10169)

    Download JSON



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleSSA-472448 V1.0: Security Bypass Vulnerability in the SQL Client-Server Communication in Siveillance Video
    Next Article SSA-000297 V1.0: Multiple SQLite Vulnerabilities in RUGGEDCOM CROSSBOW Station Access Controller Before V5.6
    admin
    • Website

    Related Posts

    Alerts

    CISA Adds One Known Exploited Vulnerability to Catalog

    June 12, 2026
    Alerts

    FreePBX security advisory (AV26–596) – Canadian Centre for Cyber Security

    June 12, 2026
    Alerts

    SSA-879734 V1.0: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1

    June 12, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Our Picks

    CISA warns admins to patch actively exploited SharePoint flaws

    July 15, 2026

    ​ ​AsyncAPI npm packages infected with credential-stealing malware

    July 15, 2026

    We built a vulnerability vending machine: AI tokens in, zero-days out

    July 15, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.