Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-qxfy-5s74-kkan
Summary Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at password.php?action=lost returns distinct messages for valid vs. invalid accounts, enabling user enumeration. As of time of publication, no known patches are available.
Aliases
0
alias CVE-2025-62512
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62512
reference_id
reference_type
scores
0
value 0.02035
scoring_system epss
scoring_elements 0.84186
published_at 2026-06-11T12:55:00Z
1
value 0.02035
scoring_system epss
scoring_elements 0.84242
published_at 2026-06-12T12:55:00Z
2
value 0.02035
scoring_system epss
scoring_elements 0.8425
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62512
1
reference_url https://github.com/Piwigo/Piwigo/security/advisories/GHSA-h4wx-7m83-xfxc
reference_id GHSA-h4wx-7m83-xfxc
reference_type
scores
0
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:52:21Z/
url https://github.com/Piwigo/Piwigo/security/advisories/GHSA-h4wx-7m83-xfxc
Weaknesses
0
cwe_id 204
name Observable Response Discrepancy
description The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
Exploits
Severity_range_score 5.5 - 5.5
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxfy-5s74-kkan