10 matches found
CVE-2026-45284
Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...
CVE-2026-45284
Nextcloud vulnerability CVE-2026-45284 affects the User OIDC LdapService in the Nextcloud platform. From version 1.3.6 up to, but not including, 8.4.0, an improper check allowed LDAP-authenticated users who had been deleted to continue authenticating via OIDC. This could permit access to accounts...
Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share
None...
Insufficient Session Expiration
Overview pterodactyl/panel is a game management panel. Affected versions of this package are vulnerable to Insufficient Session Expiration that allows several server functions to execute in an SFTP session after the user account has been deleted or its password changed. A user can maintain...
PT-2025-10070
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A issue in the Linux kernel has been resolved, related to the gadget workqueue not being properly cleaned up after device removal. This can lead to new work being scheduled in the...
A vulnerability in the web interface for managing SINEC INS software, which manages network infrastructure, exists. This vulnerability is related to an incorrect session expiration time, allowing attackers to maintain a session after deleting the account.
The vulnerability in the web interface for managing SINEC INS software-related network infrastructure is related to an incorrect session duration. Exploiting this vulnerability could allow a malicious actor to maintain a session after deleting the account...
WEB VIDEO PLATFORM Security Vulnerabilities
WEB VIDEO PLATFORM is a WVP-PRO open source out-of-the-box web video platform implemented based on the GB28181-2016 standard. A security vulnerability exists in WEB VIDEO PLATFORM GB28181 Pro version 2.0, which stems from a user continuing to access information in the application after deleting...
SUSE CVE-2020-36313
An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvmhost.h, and virt/kvm/kvmmain.c...
CVE-2023-24069
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker ca...
CVE-2022-45292
User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted...