Weintek Weincloud v0.13.6 could allow an malicious user to reset a password with the corresponding account’s JWT token only.
weintek weincloud 0.13.6