Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
๐Ÿ”ฅ Daily Hot!
๐Ÿ’ช๐Ÿฝ CPE Enhanced Advisories
๐Ÿ•ถ Shadow Exploits
๐Ÿ•ต๐Ÿผ Vulners CPE
๐Ÿ” Security news
๐Ÿ’ป Exploit updates
๐Ÿ“‘ Blogs review
๐Ÿง Linux vulnerabilities
๐Ÿž Bugbounty
๐Ÿค– AI High Score
๐Ÿ“ฐ CVE Feed
show all

3 matches found

NVD
NVDโ€ขadded 2026/05/15 8:16 p.m.โ€ข9 views

CVE-2026-44561

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the isuserchannelmember function checks whether a ChannelMember row exists but does not check the isactive field. When a user is deactivated from a group or DM channel removed by the...

5.4CVSS0.00178EPSS
Exploits1References1
CVE
CVEโ€ขadded 2026/02/13 10:30 a.m.โ€ข10 views

CVE-2026-20796

Mattermost CVE-2026-20796 affects version 10.11.x up to 10.11.9, due to improper validation of channel membership at data retrieval. A race condition in the /common_teams API endpoint can allow a deactivated user to learn team names they should not access. Root cause: insufficient validation duri...

3.1CVSS5.5AI score0.00199EPSS
Exploits0References1Affected Software1
CVE
CVEโ€ขadded 2025/07/23 8:35 p.m.โ€ข31 views

CVE-2025-53942

Summary of CVE-2025-53942 (authentik): Affected: authentik identity provider. Issue: deactivated users who registered via OAuth/SAML (or linked accounts) could remain partially active, enabling authorization of applications despite deactivation. Root cause: insufficient check for account active s...

7.4CVSS6.1AI score0.00476EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder