CVE-2019-20876

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy...

Linux Distros Unpatched Vulnerability : CVE-2025-65430

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was...

EUVD-2024-2858

Malicious code in bioql PyPI...

CVE-2025-3321

A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server...

Mattermost fails to properly invalidate personal access tokens upon user deactivation

Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previous...

CVE-2022-49700

CVE-2022-49700 is a Linux kernel SLUB allocator bug: the fastpath in slab_alloc_node() can race with slab deactivation, allowing a mismatch where c->slab/c->freelist become inconsistent and can lead to a use-after-free or a page freeing while it still contains slab objects. The issue is tie...