Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

CVE
CVEadded 2025/11/08 12:15 a.m.15 views

CVE-2025-64489

CVE-2025-64489 (SuiteCRM) : Privilege escalation due to improper session invalidation after account deactivation. A user with a deactivated account but an active session can access the app and self-reactivate, enabling unauthorized persistence. Affected versions: 7.14.7 and earlier, and 8.0.0-bet...

8.8CVSS6.5AI score0.00296EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVEadded 2025/02/05 10:39 p.m.11 views

CVE-2022-36090

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources are missing a check for inactive not yet activated or disabled users in XWiki, including the REST service. This means a disabled user can enable themselv...

8.1CVSS6.5AI score0.00883EPSS
Exploits1
Vulnrichment
Vulnrichmentadded 2023/06/16 8:58 a.m.7 views

CVE-2023-2788 Deactivated user can retain access using oauth2 api

Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated...

6.2CVSS6.8AI score0.00504EPSS
Exploits0References1
Rows per page
Query Builder