CVE-2026-46656

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...

CVE-2026-10787

The CVE-2026-10787 entry concerns Devolutions Server (versions 2026.2.4.0 and 2026.1.20.0 and earlier) where missing authorization in the deleted user groups API allows an authenticated, low-privileged user to enumerate metadata of deleted user groups via a crafted API request. The issue targets ...

CVE-2026-10787

Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server 2026.1.20.0 and earlier...

PT-2026-47431

Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.4.0 Devolutions Server versions prior to 2026.1.20.0 Description Missing authorization in the deleted user groups API allows an authenticated low-privileged user to enumerate metadata of deleted user groups by...

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server such as 2026.2.4.0, 2026.1.20.0, and earlier versions have security vulnerabilities. These...

PT-2026-24100

Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests...

CVE-2023-31101

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...

EUVD-2007-2904

Malware in sbrugna...

EUVD-2024-20693

Malicious code in bioql PyPI...

EUVD-2025-20666

Malicious code in bioql PyPI...

EUVD-2025-30912

Malicious code in bioql PyPI...

CVE-2025-0672

An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...

CVE-2025-0672 Authentication Bypass in Multiple WSO2 Products via Stale FIDO Credential Association

An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...

CVE-2025-0672

CVE-2025-0672 describes an authentication bypass affecting multiple WSO2 products when FIDO authentication is enabled. The root cause is that, after a user account is deleted, the system does not automatically purge associated FIDO registration data. If a new user account is created with the same...

PT-2025-39184

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description An authentication bypass can occur in WSO2 products when FIDO authentication is enabled. Deletion of a user account does not automatically remove associated FIDO registration data. If a...

Linux Distros Unpatched Vulnerability : CVE-2022-39234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features,...

CVE-2025-53479

The CVE-2025-53479 entry concerns the MediaWiki CheckUser extension. Affected: Special:CheckUser interface; vulnerable in the rev-deleted-user message where the content is rendered without proper escaping, enabling reflected XSS via the uselang=x-xss language override mechanism. Affected versions...

Wikimedia Mediawiki - CheckUser Extension 安全漏洞

Wikimedia Mediawiki - CheckUser Extension is a Wikimedia Foundation extension for querying IP addresses. A security vulnerability exists in Wikimedia Mediawiki - CheckUser Extension that stems from a rev-deleted-user message that is not properly escaped, which could lead to a reflected cross-site...

CVE-2024-23174

An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder,...

CVE-2020-23960

Multiple cross-site request forgery CSRF vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to 1 approve the mass of the user's comments, 2 restoring a deleted user, 3 installing or running modules, 4 resetting the...