CVE-2026-9798

A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication CIBA flow to bypass this...

PT-2026-44193

A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication CIBA flow to bypass this...

EUVD-2025-209756

Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow...

CVE-2025-10908 Account Lock Bypass via Magic Link or Pass Key Authentication in WSO2 Identity Server Allows Unauthorized Access

Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow...

CVE-2025-10908

CVE-2025-10908 affects WSO2 Identity Server. The root cause is a lack of user account state validation during authentication, allowing locked accounts to be authenticated via Magic Link or Pass Key and bypass the account-lock mechanism. This can lead to unauthorized access to applications and dat...

PT-2026-39581

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A lack of user account state validation during authentication allows locked user accounts to be successfully accessed using Magic Link or Pass Key methods. This...

WSO2 Identity Server 安全漏洞

WSO2 Identity Server is an identity authentication server developed by the American company WSO2. WSO2 Identity Server has a security vulnerability that stems from the lack of verification of user account status. This vulnerability may allow locked accounts to be successfully authenticated throug...

Siemens Gridscale X Prepay username enumeration and account lock bypass vulnerability

Overview Vulnerabilities have been identified in Siemens Gridscale X Prepay that allows unauthenticated username enumeration and enables an attacker to bypass account lock functionality. These issues may permit unauthorized access or prolonged access to protected resources, even after an account...

EUVD-2024-33754

Malicious code in bioql PyPI...

EUVD-2022-2560

Malicious code in bioql PyPI...

GHSA-5C6W-F4W2-2GRP Mediawiki BotPassword can bypass CentralAuth's account lock

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...

DEBIAN-CVE-2018-0505

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...

Debian: Security Advisory (DSA-4301-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2017-11191

DISPUTED FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session. NOTE: Vendor states that issue does not exist in...

PT-2017-11811 · Red Hat +1 · Freeipa +1

Name of the Vulnerable Software and Affected Versions: FreeIPA versions 4.x Description: The issue allows a remote authenticated user to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session...

Basware Banking Denial of Service Vulnerability

Basware Banking Maksuliikenne is a suite of software from the Finnish company Basware that establishes connections with banks to manage their own finances. A security vulnerability exists in Basware Banking version 8.90.07 and earlier, which arises from the program's reliance on the client to...