Lucene search
K

10 matches found

NVD
NVD
added 2026/06/01 7:16 p.m.14 views

CVE-2026-45284

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...

8.8CVSS0.00193EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 4:57 p.m.23 views

CVE-2026-45284

Nextcloud vulnerability CVE-2026-45284 affects the User OIDC LdapService in the Nextcloud platform. From version 1.3.6 up to, but not including, 8.4.0, an improper check allowed LDAP-authenticated users who had been deleted to continue authenticating via OIDC. This could permit access to accounts...

8.8CVSS5.7AI score0.00193EPSS
Exploits0References3Affected Software1
Nextcloud
Nextcloud
added 2026/05/13 6:48 a.m.15 views

Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share

None...

5.3CVSS5.8AI score0.00269EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/02/17 5:15 p.m.5 views

Insufficient Session Expiration

Overview pterodactyl/panel is a game management panel. Affected versions of this package are vulnerable to Insufficient Session Expiration that allows several server functions to execute in an SFTP session after the user account has been deleted or its password changed. A user can maintain...

7.5CVSS5.7AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/14 12:0 a.m.11 views

PT-2025-10070

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A issue in the Linux kernel has been resolved, related to the gadget workqueue not being properly cleaned up after device removal. This can lead to new work being scheduled in the...

5.5CVSS5.4AI score0.00185EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.9 views

A vulnerability in the web interface for managing SINEC INS software, which manages network infrastructure, exists. This vulnerability is related to an incorrect session expiration time, allowing attackers to maintain a session after deleting the account.

The vulnerability in the web interface for managing SINEC INS software-related network infrastructure is related to an incorrect session duration. Exploiting this vulnerability could allow a malicious actor to maintain a session after deleting the account...

6.8CVSS7.4AI score0.00292EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/12 12:0 a.m.4 views

WEB VIDEO PLATFORM Security Vulnerabilities

WEB VIDEO PLATFORM is a WVP-PRO open source out-of-the-box web video platform implemented based on the GB28181-2016 standard. A security vulnerability exists in WEB VIDEO PLATFORM GB28181 Pro version 2.0, which stems from a user continuing to access information in the application after deleting...

6.5CVSS6.5AI score0.00338EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:50 a.m.4 views

SUSE CVE-2020-36313

An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvmhost.h, and virt/kvm/kvmmain.c...

7.8CVSS6.5AI score0.0032EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/01/23 7:15 a.m.3 views

CVE-2023-24069

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker ca...

7.8CVSS5.9AI score0.0086EPSS
Exploits2References5
OSV
OSV
added 2022/12/09 10:15 p.m.4 views

CVE-2022-45292

User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted...

5.3CVSS5.7AI score0.00497EPSS
Exploits1References1
Rows per page
Query Builder