CVE-2026-35675 — phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification — CVE Database · The Intelligence Room