VYPR
Vendor

Blueprintue

Products
2
CVEs
4
Across products
4
Status
Private

Products

2

Recent CVEs

4
  • CVE-2026-40588HigApr 21, 2026
    risk 0.46cvss 8.1epss 0.00

    blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at /profile/{slug}/edit/ does not include a current_password field and does not verify the user's existing password before accepting a new one. Any attacker who obtains a valid…

  • CVE-2026-40586HigApr 21, 2026
    risk 0.42cvss 7.5epss 0.00

    blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary…

  • CVE-2026-40585HigApr 21, 2026
    risk 0.41cvss 7.4epss 0.00

    blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a password_reset_at timestamp. However, the token redemption function findUserIDFromEmailAndToken() queries…

  • CVE-2026-40587MedApr 21, 2026
    risk 0.35cvss 6.5epss 0.00

    blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their password via the profile edit page, or when a password reset is completed via the reset link, neither operation invalidates existing authenticated sessions for that user. A…