[MEDIUM] Pterodactyl Panel: Client email change endpoint allows enumeration of accounts in system

PKSA-mzmz-41cv-9dtv GHSA-j7f5-gfqm-pcx3

Affected version: <1.12.3

Reported by:
GitHub

[LOW] Pterodactyl has a database resource limit bypass via race condition in Client API

PKSA-d16c-6bkx-pfvs CVE-2026-35202 GHSA-fgmm-w5cx-vrfw

Affected version: <1.12.3

Reported by:
GitHub