21 matches found
CVE-2025-69602
A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful authentication. As a result, the same session cookie value is reused for users logging in from the same browser, allowing an attacker who c...
CVE-2025-69602
A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful authentication. As a result, the same session cookie value is reused for users logging in from the same browser, allowing an attacker who c...
CVE-2025-69601
A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...
CVE-2025-69601
A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...
CVE-2025-69602
A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful authentication. As a result, the same session cookie value is reused for users logging in from the same browser, allowing an attacker who c...
EUVD-2025-206458
A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful authentication. As a result, the same session cookie value is reused for users logging in from the same browser, allowing an attacker who c...
CVE-2025-69602
A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful authentication. As a result, the same session cookie value is reused for users logging in from the same browser, allowing an attacker who c...
CVE-2025-69601
A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...
CVE-2025-69602
A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful authentication. As a result, the same session cookie value is reused for users logging in from the same browser, allowing an attacker who c...
PT-2026-5188
Name of the Vulnerable Software and Affected Versions 66biolinks version 62.0.0 Description The application does not regenerate the session identifier after successful authentication, leading to a session fixation issue. This allows an attacker who can set or predict a session ID to potentially...
CVE-2025-69601
A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...
EUVD-2025-206457
A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...
CVE-2025-69601
CVE-2025-69601 affects 66biolinks v44.0.0 (AltumCode) in the app’s “Static Sites” feature. A Zip Slip directory traversal occurs when ZIP archives are uploaded, as files are extracted without path validation, allowing traversal sequences (e.g., ../) to write outside the extraction directory. Repo...
CVE-2025-69602
CVE-2025-69602 describes a session fixation vulnerability in 66biolinks v62.0.0 by AltumCode. The issue arises because the application does not regenerate the session identifier after successful authentication, allowing the same session cookie value to be reused for users authenticating in the sa...
CVE-2025-66939
Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute arbitrary code via a crafted favicon file...
CVE-2025-66939
Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute arbitrary code via a crafted favicon file...
CVE-2025-66939
Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute arbitrary code via a crafted favicon file...
CVE-2025-66939
Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute arbitrary code via a crafted favicon file...
PT-2026-2271
Name of the Vulnerable Software and Affected Versions 66biolinks version 61.0.1 Description A Cross Site Scripting issue exists in 66biolinks. An attacker can execute arbitrary code by providing a specially crafted favicon file. The issue affects the processing of favicon files. Recommendations...
CVE-2025-66939
CVE-2025-66939 is a Cross Site Scripting vulnerability in AltumCode’s 66biolinks, version 61.0.1, where specially crafted favicon files can cause an attacker to execute arbitrary code. The root cause is described as improper handling of favicon files that triggers XSS. The affected software is 66...