10 matches found
CVE-2023-31101
Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...
EUVD-2025-30912
Malicious code in bioql PyPI...
CVE-2025-0672
CVE-2025-0672 describes an authentication bypass affecting multiple WSO2 products when FIDO authentication is enabled. The root cause is that, after a user account is deleted, the system does not automatically purge associated FIDO registration data. If a new user account is created with the same...
CVE-2025-0672 Authentication Bypass in Multiple WSO2 Products via Stale FIDO Credential Association
An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...
PT-2025-39184
Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified) Description: An authentication bypass can occur in WSO2 products when FIDO authentication is enabled. Deletion of a user account does not automatically remove associated FIDO registration data. If a...
CVE-2023-31101 Apache InLong: Users who joined later can see the data of deleted users
Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...
PT-2023-23156 · Apache · Apache Inlong
Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.5.0 through 1.6.0 Description: This issue allows users registered in InLong who joined later to see deleted users' data. The problem is related to insecure default initialization of resources. Recommendations: For...
Nextcloud Deck Access Control Error Vulnerability (CNVD-2021-12652)
Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck before 1.0.2 that stems from an insecure direct object reference (IDOR). An attacker could exploit the...
Design/Logic Flaw
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previously deleted user...
Nextcloud Deck Security Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck before 1.0.2 that stems from an insecure direct object reference (IDOR). An attacker could exploit the...