19 matches found

NVD
added 2026/06/12 5:16 p.m. · 7 views

CVE-2026-53982

Cap-go Console < 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the...

CVSS 7.1 · EPSS 0.00329
Exploits: 0 · References: 3

Cvelist
added 2026/06/12 4:25 p.m. · 28 views

CVE-2026-53982 Cap-go Console < 12.28.2 Account Deletion DoS via Device Identifier Association

Cap-go Console < 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the...

CVSS 7.1 · EPSS 0.00329
Exploits: 0 · References: 3

Snyk
added 2026/03/25 9:10 p.m. · 3 views

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization in the authentication process. An attacker can maintain unauthorized access to resources by using valid API tokens, CalDAV credentials, or OpenID Connect authentication even after the account has been disabled or...

CVSS 8.1 · AI score 6.2 · EPSS 0.00453
Exploits: 1 · References: 2

Snyk
added 2026/03/25 9:10 p.m. · 1 views

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization in the authentication process. An attacker can maintain unauthorized access to resources by using valid API tokens, CalDAV credentials, or OpenID Connect authentication even after the account has been disabled or...

CVSS 8.1 · AI score 5.8 · EPSS 0.00453
Exploits: 1 · References: 2

CVE
added 2026/03/25 4:59 p.m. · 12 views

CVE-2026-29092

Kiteworks Email Protection Gateway has an insufficient session expiration vulnerability (CVE-2026-29092) affecting versions before 9.2.1. Prior to 9.2.1, blocked users could maintain active sessions after their account is disabled, potentially allowing unauthorized access until the session expire...

CVSS 7.5 · AI score 5.8 · EPSS 0.00237
Exploits: 0 · References: 1 · Affected Software: 1

RedhatCVE
added 2025/05/22 6:57 p.m. · 21 views

CVE-2021-26921

In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled...

CVSS 6.5 · AI score 6.7 · EPSS 0.01271
Exploits: 0 · References: 1

NVD
added 2024/11/12 1:15 p.m. · 15 views

CVE-2024-46892

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing...

CVSS 8.1 · EPSS 0.00292
Exploits: 0 · References: 1

CVE
added 2024/11/12 12:49 p.m. · 61 views

CVE-2024-46892

CVE-2024-46892 affects Siemens SINEC INS (versions earlier than V1.0 SP2 Update 3). The issue is improper session invalidation: when a user is deleted, disabled, or has permissions changed, the system may allow the attacker’s authenticated session to remain active and perform actions post-change....

CVSS 8.1 · AI score 6.6 · EPSS 0.00292
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/11/12 12:49 p.m. · 16 views

CVE-2024-46892

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing...

CVSS 6.9 · EPSS 0.00292
Exploits: 0 · References: 1

UbuntuCve
added 2024/03/16 7:15 a.m. · 19 views

CVE-2024-22513

djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...

CVSS 5.5 · AI score 5.9 · EPSS 0.00804
Exploits: 3 · References: 2

Positive Technologies
added 2024/03/15 12:00 a.m. · 6 views

PT-2024-3946 · Unknown +1 · Djangorestframework-Simplejwt +1

Name of the Vulnerable Software and Affected Versions: djangorestframework-simplejwt versions 5.3.1 and before Description: The issue is related to information disclosure due to missing user validation checks via the for user method. This allows a user to access web application resources even aft...

CVSS 5.5 · AI score 6.4 · EPSS 0.00804
Exploits: 3 · References: 19

OSV
added 2023/08/01 11:15 p.m. · 3 views

CVE-2023-31427

Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled...

CVSS 7.8 · AI score 7.3 · EPSS 0.002
Exploits: 0 · References: 2

Github Security Blog
added 2021/09/29 5:09 p.m. · 16 views

User can obtain JWT token even if account is disabled

Users can authenticate this way even if their user account is disabled. This is a high risk vulnerability when account disabling is used to block users' access to the system. Someone who never had an account cannot exploit this vulnerability. The fix ensures tokens are generated only for enabled...

AI score 3.6
Exploits: 0 · References: 3 · Affected Software: 1

OpenVAS
added 2021/06/09 12:00 a.m. · 18 views

SUSE: Security Advisory (SUSE-SU-2016:0164-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.1 · EPSS 0.13335
Exploits: 1 · References: 14

NVD
added 2021/02/09 3:15 p.m. · 7 views

CVE-2021-26921

In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled...

CVSS 6.5 · EPSS 0.01271
Exploits: 0 · References: 3

Prion
added 2021/02/09 3:15 p.m. · 17 views

Code injection

In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled...

CVSS 5 · AI score 6.4 · EPSS 0.01271
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2021/02/09 2:08 p.m. · 12 views

CVE-2021-26921

In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled...

AI score 6.6 · EPSS 0.01271
Exploits: 0 · References: 3

The Hacker News
added 2021/01/06 8:57 a.m. · 2 views

WhatsApp Will Disable Your Account If You Don't Agree Sharing Data With Facebook

"Respect for your privacy is coded into our DNA," opens WhatsApp's privacy policy. "Since we started WhatsApp, we've aspired to build our Services with a set of strong privacy principles in mind." But come February 8, 2021, this opening statement will no longer find a place in the policy. The...

AI score 5.8
Exploits: 0

Tenable Nessus
added 2016/08/22 12:00 a.m. · 35 views

Debian DLA-598-1 : suckless-tools security update

It was discovered that the slock screen locking tool would segfault when the user's account had been disabled. slock called crypt(3) and used the return value for strcmp(3) without checking to see if the return value of crypt(3) was a NULL pointer. If the hash returned by (getspnam()->sp_pwdp) was invalid,...

CVSS 7.5 · AI score 7 · EPSS 0.02893
Exploits: 0 · References: 3