Incorrect User Management
Overview Affected versions of this package are vulnerable to Incorrect User Management via the session function. An attacker can gain unauthorized access to sensitive operations and escalate privileges by bypassing the intended verification step during authenticated sessions. Remediation Upgrade...
EUVD-2025-201403
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
EUVD-2025-10307
Malicious code in bioql PyPI...
EUVD-2022-24454
Malicious code in bioql PyPI...
Incorrect User Management
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect User Management due to allowing multiple accounts connected to the same email address. An attacker can cause account ambiguity by registering...
Incorrect User Management
Overview jeecgboot-vue3 is an Agent. Current latest version: 3.8.1 (expected release date: 2025-04-21). Affected versions of this package are vulnerable to Incorrect User Management via the sendMsg function in the /message/sysMessageTemplate/sendMsg path. An attacker can gain unauthorized access to sensitive...
PT-2025-32766 · Microsoft · Edge For Android
Name of the Vulnerable Software and Affected Versions: Microsoft Edge for Android affected versions not specified Description: The user interface performs an incorrect action, potentially allowing an unauthorized attacker to perform spoofing over a network. Recommendations: At the moment, there i...
CVE-2024-46671
An Incorrect User Management vulnerability CWE-286 in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard...
USN-7287-1: libcap2 vulnerability
Tianjia Zhang discovered the libcap2 PAM module pamcap incorrectly handled parsing group names in the configuration file. This could result in certain users being granted capabilities, contrary to expectations...
Duplicate Advisory: Keycloak allows Incorrect Assignment of an Organization to a User
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gvgg-2r3r-53x7. This link is maintained to preserve external references. Original Description A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a...
Incorrect User Management
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect User Management in oidc/OrganizationMembershipMapper.java, which relies on matching the domain of a...
CVE-2025-1391
A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. This issue occurs at the mapper level, leading to misrepresentation in tokens. If an application relies o...
CVE-2025-24502
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address...
Vulnerability in core server (CVE-2024-10978)
PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an...
PT-2025-15427 · Fortinet · Fortiweb
Name of the Vulnerable Software and Affected Versions: FortiWeb versions 7.6.2 and below, FortiWeb versions 7.4.6 and below, FortiWeb versions 7.2.10 and below, FortiWeb versions 7.0.11 and below Description: The issue is related to Incorrect User Management, allowing an authenticated attacker with ...
Incorrect User Management
github.com/ubuntu/authd is vulnerable to Incorrect User Management. The vulnerability is due to insufficient randomization of user IDs, allowing a local attacker to register usernames and spoof another user's ID, gaining their privileges. This issue affects Authd through version 0.3.6...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from an incorrect security user interface in the Downloads module. An attacker can exploit this vulnerability to bypass security restrictions...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome Picture In Picture, which stems from an incorrect security UI in Picture In Picture. An attacker can exploit this vulnerability to bypass security restrictions...
CVE-2022-45097
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure...