Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/08 3:5 p.m.9 views

CVE-2026-46657

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/08 3:5 p.m.28 views

CVE-2026-46657

Bludit CMS prior to 3.22.0 has a vulnerability in user management: when an administrator disables a user, tokenAuth and tokenRemember in the JSON database are not invalidated. As a result, users with an existing Remember Me cookie can bypass disablement and remain authenticated. This issue impact...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References2
NVD
NVD
added 2025/09/11 6:15 p.m.7 views

CVE-2025-58065

Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...

6.5CVSS0.00376EPSS
Exploits0References4
Hacker One
Hacker One
added 2015/05/05 9:7 a.m.18 views

HackerOne: Reopen Disable Accounts/ Hidden Access After Disable

For POC: Original Email or banned email: [email protected] Updating Email: [email protected] Hello team this bug is something interesting and critical.. I have checked once the accounts are disable not easy to open, but i have found a vulnerability which allow a user to reopen disable accounts. Disable...

7.2AI score
Exploits0
Rows per page
Query Builder