Lucene search
K

24 matches found

CVE
CVE
added 3 days ago14 views

CVE-2026-55670

ZITADEL (open source identity management) prior to v4.15.2 is affected by a cross-tenant leakage in the event store validation: when a user is deleted, the original resource owner may remain associated with the deleted user’s ID and, if a new user is recreated in another organization with the sam...

2.3CVSS6.1AI score0.00286EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-55670 ZITADEL: Cross-Tenant User Leakage via Recycled Identifiers

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS0.00286EPSS
Exploits0References4
OSV
OSV
added 2026/06/18 1:7 p.m.4 views

GHSA-6X8V-2FQ5-2229 ZITADEL: Cross-Tenant User Leakage via Recycled Identifiers

Summary A flaw in the user lifecycle enforcement allowed deleted users to retain their original organization/tenant association. Recreating a deleted user under a distinct organization can cause the new user instance to be incorrectly provisioned within the original organization if the previous I...

2.3CVSS5.5AI score0.00286EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/18 1:7 p.m.6 views

ZITADEL: Cross-Tenant User Leakage via Recycled Identifiers

Summary A flaw in the user lifecycle enforcement allowed deleted users to retain their original organization/tenant association. Recreating a deleted user under a distinct organization can cause the new user instance to be incorrectly provisioned within the original organization if the previous I...

2.3CVSS5.5AI score0.00286EPSS
Exploits0References4Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm: fixed a UAF Use-After-Free issue when vma-mm is freed after vma-vmrefcnt has been dropped. By introducing delays in the appropriate places, Jann Horn created a scenario where a UAF issue could occur—a problem that became...

7.8CVSS5.8AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 3:32 p.m.13 views

EUVD-2026-30312

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent...

7.5CVSS5.8AI score0.00348EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38385

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.32.0 Description A flaw in the webhook middleware allows an anonymous caller to crash the process. The middleware spawns a goroutine that retains a reference to the echo.Context after the synchronous handler retur...

7.5CVSS5.8AI score0.00348EPSS
Exploits1References8
NVD
NVD
added 2026/03/05 10:16 p.m.15 views

CVE-2026-28480

OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram allowlist matching accepts mutable usernames instead of immutable numeric sender IDs. Attackers can spoof identity by obtaining recycled usernames to bypass allowlist restrictions and interact with...

6.9CVSS0.0021EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.36 views

CVE-2026-28480 OpenClaw < 2026.2.14 - Identity Spoofing via Mutable Username in Telegram Allowlist Authorization

OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram allowlist matching accepts mutable usernames instead of immutable numeric sender IDs. Attackers can spoof identity by obtaining recycled usernames to bypass allowlist restrictions and interact with...

6.9CVSS0.0021EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/05 9:59 p.m.3 views

CVE-2026-28480 OpenClaw < 2026.2.14 - Identity Spoofing via Mutable Username in Telegram Allowlist Authorization

OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram allowlist matching accepts mutable usernames instead of immutable numeric sender IDs. Attackers can spoof identity by obtaining recycled usernames to bypass allowlist restrictions and interact with...

6.9CVSS5.8AI score0.0021EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/08/19 5:2 p.m.8 views

CVE-2025-38554

In the Linux kernel, the following vulnerability has been resolved: mm: fix a UAF when vma-mm is freed after vma-vmrefcnt got dropped By inducing delays in the right places, Jann Horn created a reproducer for a hard to hit UAF issue that became possible after VMAs were allowed to be recycled by...

7.8CVSS6AI score0.00162EPSS
Exploits0
CNNVD
CNNVD
added 2024/09/27 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the incorrect use of BUGON when processing khugepaged recycled page tables...

5.5CVSS6.6AI score0.00234EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/01/25 10:59 a.m.2 views

tomcat: improper cleaning of recycled objects could lead to information leak

A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information...

5.3CVSS6.8AI score0.0216EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/01/10 11:32 a.m.3 views

tomcat: improper cleaning of recycled objects could lead to information leak

A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information...

5.3CVSS6.8AI score0.0216EPSS
Exploits1References6
Openbugbounty
Openbugbounty
added 2023/12/11 12:50 a.m.7 views

recycled-jewels.com Improper Access Control vulnerability OBB-3808951

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/11/15 5:7 p.m.7 views

tomcat: improper cleaning of recycled objects could lead to information leak

A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information...

5.3CVSS6.8AI score0.0216EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2023/10/31 1:5 p.m.5 views

tomcat: improper cleaning of recycled objects could lead to information leak

A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information...

5.3CVSS6.8AI score0.0216EPSS
Exploits1References6
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.14 views

fee distribution is only for the msg.to contract, instead of the to address of the call traces, which is not reasonable for the gas economic system.

Lines of code Vulnerability details Impact The target contract of the fee distribution is got by contract := msg.To in the evmhooks.go . So the fee distribution is only for the msg.to contract, instead of the to address of the call traces. It means that any one use a contract wallet or setup a...

6.7AI score
Exploits0
Debian CVE
Debian CVE
added 2019/04/26 8:27 p.m.34 views

CVE-2019-3843

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially...

7.8CVSS4.8AI score0.00912EPSS
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.37 views

McAfee 4.0,Network Associates for Windows NT 4.0.2/4.0.3 a,Norton AntiVirus 2000 Recycle Bin Exclusion

No description provided by source. McAfee VirusScan 4.0,Network Associates VirusScan for Windows NT 4.0.2/4.0.3 a,Symantec Norton AntiVirus 2000 Recycle Bin Exclusion Vulnerability source: http://www.securityfocus.com/bid/956/info Many commercial virus scanners for Windows platforms exclude the...

7.1AI score
Exploits0
Rows per page
Query Builder