13 matches found

OSV
added 2026/04/16 11:36 p.m. | 2 views

BIT-AUTHENTIK-2025-53942 authentik has an insufficient check for account active status during OAuth/SAML authentication

authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In versions 2025.4.4 and earlier, as well as versions 2025.6.0 through 2025.6.3, deactivated users who registered through OAuth/SAML or linked their accounts to...

CVSS 7.4 | AI score 5.7 | EPSS 0.002
Exploits 0 | References 5

CNNVD
added 2026/01/13 12:0 a.m. | 2 views

Hikvision Partial Access Control Series Products security vulnerability

Hikvision Partial Access Control Series Products is a series of access control devices from Hikvision, a Chinese company. A security vulnerability exists in Hikvision Partial Access Control Series Products, which stems from a stack overflow in the device's search and discovery functionality, whic...

CVSS 8.8 | AI score 7.5 | EPSS 0.00015
Exploits 0 | References 1

SUSE CVE
added 2025/08/14 2:53 a.m. | 2 views

SUSE CVE-2025-53942

authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In versions 2025.4.4 and earlier, as well as versions 2025.6.0-rc1 through 2025.6.3, deactivated users who registered through OAuth/SAML or linked their accounts to...

CVSS 7.4 | AI score 6.8 | EPSS 0.002
Exploits 0 | References 3

RedhatCVE
added 2025/07/25 9:25 p.m. | 4 views

CVE-2025-53942

authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In versions 2025.4.4 and earlier, as well as versions 2025.6.0-rc1 through 2025.6.3, deactivated users who registered through OAuth/SAML or linked their accounts to...

CVSS 7.4 | AI score 7 | EPSS 0.002
Exploits 0 | References 1

OSV
added 2025/07/23 8:35 p.m. | 4 views

CVE-2025-53942 authentik has an insufficient check for account active status during OAuth/SAML authentication

authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In versions 2025.4.4 and earlier, as well as versions 2025.6.0-rc1 through 2025.6.3, deactivated users who registered through OAuth/SAML or linked their accounts to...

CVSS 7.1 | AI score 6.4 | EPSS 0.002
Exploits 0 | References 6

OSV
added 2023/04/11 9:15 p.m. | 1 views

CVE-2023-26260

OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent...

CVSS 5.4 | AI score 6.1
Exploits 0 | References 1

SUSE CVE
added 2023/02/15 6:12 a.m. | 2 views

SUSE CVE-2007-2448

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit...

CVSS 2.1 | AI score 6.6 | EPSS 0.00289
Exploits 0 | References 3

Veracode
added 2020/04/10 12:53 a.m. | 22 views

Information Disclosure

Subversion is vulnerable to information disclosure. The partial access functionality is not properly implemented, allowing users who have access to change paths to obtain confidential information via propget, proplist or propedit...

CVSS 2.1 | AI score 3.7 | EPSS 0.00289
Exploits 0 | References 10 | Affected Software 1

Veracode
added 2019/05/16 2:49 a.m. | 25 views

Denial Of Service (DoS)

Oracle Java SE is vulnerable to denial of service attacks. A remote, unauthenticated attacker could exploit the flawed Serialization component to partially access data and cause partial denial of service conditions...

CVSS 5.3 | AI score 6 | EPSS 0.01417
Exploits 0 | References 14 | Affected Software 2

RedHat Linux
added 2011/01/13 12:0 a.m. | 2 views

subversion: revision properties disclosure to user with partial access

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit...

CVSS 2.1 | AI score 7.4 | EPSS 0.00289
Exploits 0 | References 4

OSV
added 2007/06/14 11:30 p.m. | 1 views

DEBIAN-CVE-2007-2448

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit...

CVSS 2.1 | AI score 6.6 | EPSS 0.00289
Exploits 0 | References 1

Cvelist
added 2007/06/14 11:0 p.m. | 22 views

CVE-2007-2448

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit...

AI score 5.8 | EPSS 0.00289
Exploits 0 | References 9

UbuntuCve
added 2007/06/14 12:0 a.m. | 21 views

CVE-2007-2448

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit...

CVSS 2.1 | AI score 7.3 | EPSS 0.00289
Exploits 0 | References 2