78 matches found
CVE-2026-7887
For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A user with uIsActive=0 suspended, banned, terminated employee can still authenticate via OAuth and receive valid API tokens. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score o...
Concrete CMS 安全漏洞
Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have security vulnerabilities. These vulnerabilities stem from an oversight in the handling of OAuth 2.0 authorization codes, which bypasses account status checks. This could...
CVE-2026-32717
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...
CVE-2026-32717
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...
CVE-2026-32717
AnythingLLM prior to 1.11.2 in multi-user mode suffers an access control bypass where suspended users remain authenticated via browser extension API keys. If a user already has a valid brx-... browser extension API key, it continues to work after suspension, allowing access to browser extension e...
EUVD-2026-12176
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...
CVE-2026-32717 AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...
CVE-2026-32717
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...
PT-2026-25397
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...
CVE-2025-68663
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...
BIT-MOODLE-2025-67848 Moodle: moodle: authentication bypass via lti provider allows suspended users to gain unauthorized access.
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability LTI Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access...
CVE-2025-68663
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...
CVE-2025-68663
Outline before version 1.1.0 contains a vulnerability in its WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates after suspension. The issue is fixed in 1.1.0. CVSS metadata in...
CVE-2025-68663 Outline has a suspended user authentication bypass via WebSocket connections
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...
CVE-2025-68663 Outline has a suspended user authentication bypass via WebSocket connections
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...
CVE-2025-68663 Outline has a suspended user authentication bypass via WebSocket connections
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...
Outline 授权问题漏洞
Outline is an open-source knowledge base developed by Outline. Versions prior to Outline 1.1.0 had issues with authorization vulnerabilities. These vulnerabilities stemmed from defects in the WebSocket authentication mechanism, which could allow suspended users to maintain or establish real-time...
PT-2026-7662
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...
GHSA-J5JV-W5CW-J9FF Moodle authentication bypass vulnerability
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability LTI Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access...
Moodle authentication bypass vulnerability
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability LTI Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access...