10 matches found
CVE-2026-34570
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deleted. Due to a logic flaw in the backend...
CVE-2026-3638
Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests...
Devolutions Server 安全漏洞
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.11.0 contained security vulnerabilities. These vulnerabilities were due to...
CVE-2024-36523
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts...
GHSA-JG95-R9XH-XW9C Mage AI incorrectly gives privileges to users with deleted accounts
Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server...
Mage AI incorrectly gives privileges to users with deleted accounts
Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server...
CVE-2024-36523
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts...
Deleted Admin Can Sign In to Admin Interface
Impact Assuming an administrator once had previous access to the admin interface, they may still be able to sign in to the backend using October CMS v2.0. Patches The issue has been patched in v2.1.12 Workarounds - Reset the password of the deleted accounts to prevent them from signing in. - Plea...
GHSA-6GJF-7W99-J7X7 Deleted Admin Can Sign In to Admin Interface
Impact Assuming an administrator once had previous access to the admin interface, they may still be able to sign in to the backend using October CMS v2.0. Patches The issue has been patched in v2.1.12 Workarounds - Reset the password of the deleted accounts to prevent them from signing in. - Plea...
Over 300 Million AdultFriendFinder Accounts Exposed in Massive Data Breach
Adult Friend Finder, a casual dating website with the tagline "hookup, find sex or meet someone hot now," has suffered another massive data breach, but this time it is much worse than the last year. Over 300 Million AdultFriendFinder accounts have reportedly been exposed in a massive data breach...