12 matches found

SUSE CVE
added 2026/01/06 12:25 a.m. · 6 views

SUSE CVE-2025-64521

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with clientid and clientsecret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even...

CVSS 4.8 · AI score 7 · EPSS 0.00193
Exploits: 0 · References: 2

RedhatCVE
added 2025/11/20 9:37 p.m. · 8 views

CVE-2025-64521

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with clientid and clientsecret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even...

CVSS 4.8 · AI score 6.9 · EPSS 0.00193
Exploits: 0 · References: 1

Github Security Blog
added 2025/11/19 6:13 p.m. · 11 views

authentik allows a deactivated Service account to authenticate to OAuth

Summary: When authenticating with clientid and clientsecret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even when the account was deactivated. Other permissions are correctly applied and...

CVSS 4.8 · AI score 7.1 · EPSS 0.00193
Exploits: 0 · References: 4 · Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2013-3213

Malware in sbrugna...

CVSS 6 · AI score 6.4 · EPSS 0.01033
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 12:44 a.m. · 9 views

CVE-2013-3276

EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account...

CVSS 6 · AI score 6.6 · EPSS 0.01033
Exploits: 0 · References: 1

Positive Technologies
added 2023/06/16 12:0 a.m. · 5 views

PT-2023-21391 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue allows an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated, due to a...

CVSS 6.5 · AI score 6.2 · EPSS 0.00504
Exploits: 0 · References: 5

Hacker One
added 2020/08/31 1:45 p.m. · 79 views

Acronis: Clickjacking on cas.acronis.com login page

Steps To Reproduce: Create a new HTML file Source code: I Frame Clickjacking Vulnerability Save the file as whatever.html Open document in browser Reference: https://hackerone.com/reports/591432 FIX- The vulnerability can be fixed by adding "frame-ancestors 'self';" to the CSP...

AI score 0.3
Exploits: 0

NVD
added 2013/09/05 11:44 a.m. · 13 views

CVE-2013-3276

EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account...

CVSS 6 · AI score 6.3 · EPSS 0.01033
Exploits: 0 · References: 1

Prion
added 2013/09/05 11:44 a.m. · 13 views

Design/Logic Flaw

EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account...

CVSS 6 · AI score 6.8 · EPSS 0.01033
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2013/09/05 10:0 a.m. · 17 views

CVE-2013-3276

EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account...

AI score 6.3 · EPSS 0.01033
Exploits: 0 · References: 1

CVE
added 2013/09/05 10:0 a.m. · 46 views

CVE-2013-3276

RSA Archer GRC 5.x before 5.4 is affected by CVE-2013-3276: an improper restriction of user login allows remote authenticated users to bypass login by leveraging a deactivated account. The vulnerability (CVSSv2 base score 6.0) impacts authentication, with partial confidentiality, integrity, and a...

CVSS 6 · AI score 6.5 · EPSS 0.01033
Exploits: 0 · References: 1 · Affected Software: 1

Tenable Nessus
added 2005/12/08 12:0 a.m. · 15 views

Courier Mail Server < 0.52.2 Deactivated Account Authentication Bypass

Binary data 3322.prm...

CVSS 7.5 · AI score 7.3 · EPSS 0.01582
Exploits: 0 · References: 2