22 matches found
CVE-2026-41891
CI4MS (CodeIgniter 4-based CMS skeleton) has a deactivated/banned user bypass in versions 0.26.0–0.31.7.x due to the auth filter’s deactivated user check being commented out. The issue arises when an admin deactivates a user (active=0) after login: the user’s session remains valid and auth()->...
EUVD-2023-23789
Malicious code in bioql PyPI...
EUVD-2023-12810
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-1555
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions...
CVE-2023-1555
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API...
GitLab < 16.9.7 / 16.10 < 16.10.5 / 16.11 < 16.11.2 (CVE-2024-2651)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for...
GitLab 15.11 < 16.9.7 / 16.10 < 16.10.5 / 16.11 < 16.11.2 (CVE-2024-2454)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoi...
BIT-GITLAB-2023-1555 Missing Authorization in GitLab
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API...
CVE-2023-1555
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API...
UBUNTU-CVE-2023-1555
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API...
CVE-2023-1555 Missing Authorization in GitLab
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API...
CVE-2023-1555 Missing Authorization in GitLab
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API...
CVE-2023-1555
Removed by vendor...
HackerOne: Banned user still able to invited to reports as a collabrator and reset the password
A security vulnerability allowed a permanently banned user to still be invited as a collaborator to reports and reset their password, despite being restricted from accessing any account features or reports...
HackerOne: Banned user still has access to their deleted account via HackerOne's API using their API key
The user's banned account could still be accessed using their previously generated API token, allowing them to perform actions such as retrieving reports, balance, earnings, payouts, weaknesses, and program information. This vulnerability was discovered and exploited on a test account...
CVE-2022-0191
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.7 does not have CSRF check deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans...
All In One WP Security & Firewall < 4.4.6 - Authenticated Cross-Site Scripting (XSS)
The plugin did not escape the banned user agents in its settings before output, which may allow administrators to enter malicious UA with XSS payloads under certain conditions. Note: We were not able to reproduce the issue...
HackerOne: Hacktivity of a private program visible to banned user if he gets invited to a program by hackbot
Summary: The hacktivity of a private program is visible to banned user if he gets invited to a program by hackbot. Description: Back in 2016 i was banned by █████'s private program ███ due to some conflict between me and their security team, i think they manually put me in banned users list, but...
Bananadance Wiki b2.2 - Multiple Vulnerabilities
Bananadance Wiki b2.2 - Multiple Vulnerabilities Title: ====== BananaDance Wiki b2.2 - Multiple Web Vulnerabilities Date: ===== 2012-11-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=745 VL-ID: ===== 745 Common Vulnerability Scoring System:...