EUVD-2026-36267

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

PT-2026-48695

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

CVE-2026-41662

Admidio suffers a Missing Minimum Administrator Check in Role::stopMembership(), before 5.0.9. The code path removes a member from the administrator role without verifying that at least one admin remains; with two admins, sequential removals can leave zero admins, locking out administrative acces...

CVE-2025-10054 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role Removal

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmremoveagent' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, wit...

EUVD-2025-198489

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmremoveagent' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, wit...

CVE-2025-10054

The CVE-2025-10054 entry concerns the ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress. The vulnerability arises from a missing capability check in the eh_crm_remove_agent function across versions up to 3.3.1, enabling authenticated users with Subscriber-level access and a...

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role Removal vulnerability

Missing Authorization to Authenticated Subscriber+ Role Removal vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.1...

PT-2025-47728

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh crm remove agent' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers,...

GO-2025-4073 Rancher user retains access to clusters despite Global Role removal in github.com/rancher/rancher

Rancher user retains access to clusters despite Global Role removal in github.com/rancher/rancher...

Rancher 安全漏洞

Rancher is an open source container management platform from Rancher Open Source in the United States, built for organizations deploying containers in production environments. A security vulnerability exists in Rancher that stems from a user retaining cluster access after removing a customized...

EUVD-2015-1632

Malware in sbrugna...

CVE-2025-10223 Improper Session Cleanup on Role Removal in Web Admin Panel in AxxonSoft Axxon One (C-Werk)

Insufficient Session Expiration CWE-613 in the Web Admin Panel in AxxonSoft Axxon One C-Werk prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration...

CVE-2025-10223

The CVE-2025-10223 entry describes Insufficient Session Expiration (CWE-613) in the Web Admin Panel of AxxonSoft Axxon One (C‑Werk) on Windows, prior to version 2.0.3. The root cause is an unexpired session token allowing a local or remote authenticated attacker to retain access with removed priv...

CVE-2025-10223 Improper Session Cleanup on Role Removal in Web Admin Panel in AxxonSoft Axxon One (C-Werk)

Insufficient Session Expiration CWE-613 in the Web Admin Panel in AxxonSoft Axxon One C-Werk prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration...

Linux Distros Unpatched Vulnerability : CVE-2019-14879

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the...

RHEL 6 : openstack-keystone (RHSA-2014:0113)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0113 advisory. The openstack-keystone packages provide keystone, a Python implementation of the OpenStack Identity service API, which provides Identity, Token,...

GitLab: Removed Guest role user who dosent have access to private project in members able to view jobs

Vulnerability description not provided...

SUSE CVE-2013-4477

The LDAP backend in OpenStack Identity Keystone Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges...

openstack-keystone: unintentional role granting with Keystone LDAP backend

The LDAP backend in OpenStack Identity Keystone Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges...

CVE-2012-5571

OpenStack Keystone Essex 2012.1 and Folsom 2012.2 does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role...