PT-2026-24100

Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests...

CVE-2023-31101

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...

EUVD-2007-2904

Malware in sbrugna...

EUVD-2024-20693

Malicious code in bioql PyPI...

EUVD-2025-30912

Malicious code in bioql PyPI...

EUVD-2025-20666

Malicious code in bioql PyPI...

CVE-2025-0672

An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...

CVE-2025-0672

CVE-2025-0672 describes an authentication bypass affecting multiple WSO2 products when FIDO authentication is enabled. The root cause is that, after a user account is deleted, the system does not automatically purge associated FIDO registration data. If a new user account is created with the same...

CVE-2025-0672 Authentication Bypass in Multiple WSO2 Products via Stale FIDO Credential Association

An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...

PT-2025-39184

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description An authentication bypass can occur in WSO2 products when FIDO authentication is enabled. Deletion of a user account does not automatically remove associated FIDO registration data. If a...

Linux Distros Unpatched Vulnerability : CVE-2022-39234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features,...

CVE-2025-53479

The CVE-2025-53479 entry concerns the MediaWiki CheckUser extension. Affected: Special:CheckUser interface; vulnerable in the rev-deleted-user message where the content is rendered without proper escaping, enabling reflected XSS via the uselang=x-xss language override mechanism. Affected versions...

Wikimedia Mediawiki - CheckUser Extension 安全漏洞

Wikimedia Mediawiki - CheckUser Extension is a Wikimedia Foundation extension for querying IP addresses. A security vulnerability exists in Wikimedia Mediawiki - CheckUser Extension that stems from a rev-deleted-user message that is not properly escaped, which could lead to a reflected cross-site...

CVE-2024-23174

An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder,...

CVE-2020-23960

Multiple cross-site request forgery CSRF vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to 1 approve the mass of the user's comments, 2 restoring a deleted user, 3 installing or running modules, 4 resetting the...

CVE-2025-28059

An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke...

CVE-2024-43784

lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit a...

Improper Preservation of Permissions

Overview lakefs-sdk is a lakeFS API Affected versions of this package are vulnerable to Improper Preservation of Permissions via the process of re-creating a user with the same username as a previously deleted one. An attacker can gain access to the system using the credentials of the deleted use...

CVE-2024-43784 Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to it's deletion

lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit a...

lakeFS 安全漏洞

lakeFS is an open source tool from Treeverse Open Source that converts your object store into a Git-like repository. A security vulnerability exists in lakeFS version 1.31.1, which stems from the fact that when a new user is created with the username of a deleted user, the new user inherits all t...