10 matches found
CVE-2026-25700 Apache Answer: AdminToken not invalidated after admin deactivation
Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...
CVE-2026-25700 Apache Answer: AdminToken not invalidated after admin deactivation
Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...
CVE-2026-25700
CVE-2026-25700 relates to Apache Answer prior to version 2.0.1, where administrative tokens issued before an admin account was suspended, deleted, or deactivated were not invalidated. This allowed continued access to administrative APIs until those tokens expired. Affected product: Apache Answer ...
CVE-2025-3230 Bypass of System Admin User Deactivation Controls for Personal Access Tokens in Mattermost Server
Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previous...
PT-2024-18651 · Zenml Io · Zenml
Name of the Vulnerable Software and Affected Versions: zenml-io/zenml version 0.55.3 Description: An improper authorization issue exists in the zenml-io/zenml repository, specifically within the API "PUT /api/v1/users/id" endpoint. This issue allows any authenticated user to modify the informatio...
CVE-2021-25991
In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme...
Improper access control
In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme...
CVE-2021-25991 ifme - Improper Access Control leads to admin deactivation
In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme...
CVE-2021-25991 ifme - Improper Access Control leads to admin deactivation
In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme...
WordPress 插件跨站请求伪造漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability...