CVE-2026-59712 - Leantime - Credential Disclosure via Unauthenticated JSON-RPC users.getUser Method
CVE ID :CVE-2026-59712 Published : July 6, 2026, 9:16 p.m. | 1 hour, 57 minutes ago Description :Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets,...