CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/01 4:57 p.m.•28 views

CVE-2026-45284 Nextcloud: Wrong condition in the User OIDC app's LdapService allowed deleted LDAP users to authenticate

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...

4.6CVSS0.00193EPSS

EUVD•added 2026/06/01 4:57 p.m.•12 views

EUVD-2026-33710

4.6CVSS5.7AI score0.00193EPSS

Nextcloud•added 2026/05/12 9:8 a.m.•11 views

Wrong condition in the User OIDC app's LdapService allowed deleted LDAP users to authenticate

None...

8.8CVSS5.8AI score0.00193EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/03/11 7:8 a.m.•3 views

CVE-2026-3638

Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests...

5.9CVSS5.8AI score0.00177EPSS

EUVD•added 2026/03/09 9:31 p.m.•2 views

EUVD-2026-10348

5.9CVSS5.8AI score0.00177EPSS

NVD•added 2026/03/09 7:16 p.m.•3 views

CVE-2026-3638

5.9CVSS0.00177EPSS

Cvelist•added 2026/03/09 6:51 p.m.•35 views

CVE-2026-3638

0.00177EPSS

CVE•added 2026/03/09 6:51 p.m.•9 views

CVE-2026-3638

CVE-2026-3638 : Multiple sources (NVD, Red Hat, ENISA, CVE List) describe an improper access control flaw in Devolutions Server up to version 2025.3.11.0. A low-privileged, authenticated user can restore deleted users and roles via crafted API requests on the user/role restore endpoints. Document...

5.9CVSS5.8AI score0.00177EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-49191

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00625EPSS

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-43130

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.0053EPSS

OSV•added 2025/04/18 5:15 p.m.•3 views

CVE-2025-28059

An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke...

7.5CVSS5.8AI score0.00688EPSS

SUSE CVE•added 2024/12/12 7:4 a.m.•1 views

SUSE CVE-2024-43784

lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit a...

5.7CVSS6.9AI score0.00341EPSS

OSV•added 2024/10/16 9:15 a.m.•2 views

CVE-2023-22650

A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider AP. This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s...

8.7CVSS5.7AI score0.00585EPSS

Vulnrichment•added 2024/10/16 8:20 a.m.•11 views

CVE-2023-22650 Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider

8.8CVSS7.2AI score0.00585EPSS

Vulnrichment•added 2024/08/23 6:58 p.m.•18 views

CVE-2024-45187 Mage AI allows deleted users to use the terminal server with admin access, leading to remote code execution

Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server...

7.1CVSS7.7AI score0.00467EPSS

Cvelist•added 2024/08/23 6:58 p.m.•25 views

CVE-2024-45187 Mage AI allows deleted users to use the terminal server with admin access, leading to remote code execution

7.1CVSS0.00467EPSS