Lucene search
K

60 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-55670

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS0.00286EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-55670 ZITADEL: Cross-Tenant User Leakage via Recycled Identifiers

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS0.00286EPSS
Exploits0References4
CVE
CVE
added 4 days ago14 views

CVE-2026-55670

ZITADEL (open source identity management) prior to v4.15.2 is affected by a cross-tenant leakage in the event store validation: when a user is deleted, the original resource owner may remain associated with the deleted user’s ID and, if a new user is recreated in another organization with the sam...

2.3CVSS6.1AI score0.00286EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/18 1:7 p.m.3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the user provisioning process. An attacker can gain unauthorized access to user records across organizational boundaries by recreating a deleted user with the same identifier in a...

4.2CVSS5.9AI score0.00286EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/18 1:7 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the user provisioning process. An attacker can gain unauthorized access to user records across organizational boundaries by recreating a deleted user with the same identifier in a...

4.2CVSS5.9AI score0.00286EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/18 1:7 p.m.6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the user provisioning process. An attacker can gain unauthorized access to user records across organizational boundaries by recreating a deleted user with the same identifier in a...

4.2CVSS5.9AI score0.00286EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50739

Name of the Vulnerable Software and Affected Versions ZITADEL versions 4.0.0 through 4.15.1 ZITADEL versions 3.0.0 through 3.4.11 Description A flaw in user lifecycle enforcement allows deleted users to retain their original organization or tenant association. When a user is deleted, the historic...

2.3CVSS5.9AI score0.00286EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.17 views

CVE-2026-46656

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...

8.8CVSS5.4AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 6:26 p.m.27 views

CVE-2026-10787

The CVE-2026-10787 entry concerns Devolutions Server (versions 2026.2.4.0 and 2026.1.20.0 and earlier) where missing authorization in the deleted user groups API allows an authenticated, low-privileged user to enumerate metadata of deleted user groups via a crafted API request. The issue targets ...

4.3CVSS5.5AI score0.00155EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 6:26 p.m.9 views

CVE-2026-10787

Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server 2026.1.20.0 and earlier...

5.5AI score0.00155EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.14 views

PT-2026-47431

Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.4.0 Devolutions Server versions prior to 2026.1.20.0 Description Missing authorization in the deleted user groups API allows an authenticated low-privileged user to enumerate metadata of deleted user groups by...

4.3CVSS5.2AI score0.00155EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.9 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server such as 2026.2.4.0, 2026.1.20.0, and earlier versions have security vulnerabilities. These...

4.3CVSS5.4AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.5 views

PT-2026-24100

Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests...

5.9CVSS5.8AI score0.00177EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:33 p.m.7 views

CVE-2023-31101

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...

6.5CVSS6.9AI score0.0111EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-2904

Malware in sbrugna...

5CVSS6.4AI score0.01228EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-20693

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00406EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-30912

Malicious code in bioql PyPI...

3.8CVSS6.6AI score0.00202EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-20666

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.0017EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/25 2:54 a.m.9 views

CVE-2025-0672

An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...

3.3CVSS6.8AI score0.00202EPSS
Exploits0References1
CVE
CVE
added 2025/09/23 5:30 p.m.20 views

CVE-2025-0672

CVE-2025-0672 describes an authentication bypass affecting multiple WSO2 products when FIDO authentication is enabled. The root cause is that, after a user account is deleted, the system does not automatically purge associated FIDO registration data. If a new user account is created with the same...

3.8CVSS6.4AI score0.00202EPSS
Exploits0References1Affected Software3
Rows per page
Query Builder