
30 matches found

NVD
added 2026/04/14 3:16 p.m. | 5 views

CVE-2026-4913

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

CVSS 5.7 | EPSS 0.00586
Exploits 0 | References 1
Cvelist
added 2026/04/14 2:10 p.m. | 22 views

CVE-2026-4913

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

CVSS 5.7 | EPSS 0.00586
Exploits 0 | References 1
RedhatCVE
added 2026/03/26 3:0 p.m. | 5 views

CVE-2026-33316

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, a flaw in Vikunja’s password reset logic allows disabled users to regain access to their accounts. The ResetPassword function sets the user’s status to StatusActive after a successful password reset without...

CVSS 8.1 | AI score 5.8 | EPSS 0.00363
Exploits 1 | References 1
Github Security Blog
added 2026/03/20 5:25 p.m. | 6 views

Vikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account Disablement

Summary: A flaw in Vikunja’s password reset logic allows disabled users to regain access to their accounts. The ResetPassword function sets the user’s status to StatusActive after a successful password reset without verifying whether the account was previously disabled. By requesting a reset token...

CVSS 8.1 | AI score 5.8 | EPSS 0.00363
Exploits 1 | References 6 | Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2004-0082

Malware in sbrugna...

CVSS 7.5 | AI score 8.8 | EPSS 0.03497
Exploits 0 | References 10
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2017-7932

Malware in sbrugna...

CVSS 9.8 | AI score 9.4 | EPSS 0.05144
Exploits 0 | References 4
OSV
added 2025/04/10 3:15 a.m. | 3 views

CVE-2025-26330

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account...

CVSS 7 | AI score 5.8 | EPSS 0.00133
Exploits 0 | References 1
Tenable Nessus
added 2023/03/21 12:0 a.m. | 31 views

Tridium Niagara Improper Authentication (CVE-2017-16748)

An attacker can log into the local Niagara platform Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system. This plugin only works with Tenable.o...

CVSS 9.8 | AI score 8.4 | EPSS 0.05144
Exploits 0 | References 4
CNNVD
added 2022/09/23 12:0 a.m. | 3 views

Arvados Authorization Issue Vulnerability

Arvados is an open source platform for managing and analyzing biomedical big data. An authorization issue vulnerability exists in Arvados version 2.4.2 and prior versions, which stems from the fact that when a user is authenticated using the Portable Authentication Module PAM, Arvados can still b...

CVSS 8.8 | AI score 7.8 | EPSS 0.00407
Exploits 0 | References 2
OSV
added 2021/09/29 5:9 p.m. | 12 views

GHSA-36MJ-6R7R-MQHF User can obtain JWT token even if account is disabled

Users can authenticate this way even if their user account is disabled. This is a high risk vulnerability when account disabling is used to block users' access to the system. Someone who never had an account cannot exploit this vulnerability. The fix ensures tokens are generated only for enabled...

AI score 7
Exploits 0 | References 3
Hacker One
added 2018/09/27 7:12 p.m. | 74 views

Chaturbate: Chaturbate "/chat_ignore_list/" endpoint does not check for Account status: Disabled before adding Ignore via POST

Summary: Chaturbate.com provides the ability for its users when in chat to ignore other users in chat rooms via DM etc by adding their camhandle name to ignorelist via HUI Actually this is just a POST to /chatignorelist/ getting as a parameter the username which is the camhandle name in order to a...

AI score 0.3
Exploits 0
CNVD
added 2018/08/21 12:0 a.m. | 7 views

Tridium Niagara AX Framework and Niagara 4 Framework Authentication Bypass Vulnerability

Tridium Niagara AX Framework and Niagara 4 Framework are both IoT business application frameworks from Tridium USA. An authentication bypass vulnerability exists in Tridium Niagara AX Framework 3.8 and earlier and Niagara 4 Framework 4.4 and earlier. A remote attacker can exploit this vulnerabili...

CVSS 9.8 | AI score 9.6 | EPSS 0.05144
Exploits 0 | References 1
OSV
added 2018/08/20 9:29 p.m. | 4 views

CVE-2017-16748

An attacker can log into the local Niagara platform Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system...

CVSS 9.8 | AI score 5.8 | EPSS 0.05144
Exploits 0 | References 3
NVD
added 2018/08/20 9:29 p.m. | 20 views

CVE-2017-16748

An attacker can log into the local Niagara platform Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system...

CVSS 9.8 | AI score 9.2 | EPSS 0.05144
Exploits 0 | References 3
Metasploit
added 2018/02/20 9:29 p.m. | 66 views

Windows Manage RID Hijacking

This module will create an entry on the target by modifying some properties of an existing account. It will change the account attributes by setting a Relative Identifier RID, which should be owned by one existing account on the destination machine. Taking advantage of some Windows Local Users...

AI score 7
Exploits 0
Debian CVE
added 2018/01/18 9:0 p.m. | 24 views

CVE-2017-12197

Removed by vendor...

CVSS 6.5 | AI score 6.7 | EPSS 0.01511
Exploits 0
Veracode
added 2017/10/27 5:31 a.m. | 28 views

Disabled Account Bypass

libpam4j is vulnerable to authentication bypass. The authenticate method doesn't check the status of the user's account, allowing any attacker with a valid password to log in regardless of whether the account has been disabled...

CVSS 6.5 | AI score 6.6 | EPSS 0.01511
Exploits 0 | References 7 | Affected Software 3
Hacker One
added 2017/10/18 4:32 p.m. | 27 views

HackerOne: Issue with password change in Disabled Account

Hello Hackerone, Summary: I have found that 38343 is not yet fully fixed, disabled user is not always gets notification about password change when a password is changed via password reset link, then such a notification is not send to the disabled user. Description Include Impact: When a password...

AI score 6.9
Exploits 0
RedHat Linux
added 2017/10/17 7:53 p.m. | 2 views

libpam4j: Account check bypass

It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information...

CVSS 6.5 | AI score 5.7 | EPSS 0.01511
Exploits 0 | References 4
RedHat Linux
added 2017/10/17 7:42 p.m. | 4 views

libpam4j: Account check bypass

It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information...

CVSS 6.5 | AI score 5.7 | EPSS 0.01511
Exploits 0 | References 4