
27 matches found

IBM Security Bulletins
added 2026/01/02 6:15 p.m. | 6 views

Security Bulletin: Rational Performance Tester contains a vulnerability that could result in unauthorized data access

Summary: Rational Performance Tester use of the Java AsyncHttpClient library can result in unauthorized data access. Vulnerability Details: CVEID: CVE-2024-53990. DESCRIPTION: The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP...

CVSS 9.2 | AI score 6.5 | EPSS 0.00441
Exploits: 0 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-3488

Malicious code in bioql PyPI...

CVSS 9.2 | AI score 7.8 | EPSS 0.00441
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-15582

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.3 | EPSS 0.00084
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-28079

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.3 | EPSS 0.00084
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-15581

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.3 | EPSS 0.00084
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-15580

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.3 | EPSS 0.00084
Exploits: 0 | References: 5

OSV
added 2025/05/17 3:7 p.m. | 8 views

GHSA-9FWJ-9MJF-RHJ3 laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions

Overview: Session cookies of applications using the laravel-auth0 SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...

CVSS 9.1 | AI score 9 | EPSS 0.00084
Exploits: 0 | References: 5

Github Security Blog
added 2025/05/17 3:7 p.m. | 21 views

laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions

Overview: Session cookies of applications using the laravel-auth0 SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...

CVSS 9.1 | AI score 7.1 | EPSS 0.00084
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2025/05/17 3:7 p.m. | 6 views

GHSA-2F4R-34M4-3W8Q Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions

Overview: Session cookies of applications using the Auth0 Wordpress plugin configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...

CVSS 9.1 | AI score 9.1 | EPSS 0.00084
Exploits: 0 | References: 5

Github Security Blog
added 2025/05/17 3:7 p.m. | 23 views

Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions

Overview: Session cookies of applications using the Auth0 Wordpress plugin configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...

CVSS 9.1 | AI score 7.1 | EPSS 0.00084
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2025/05/17 3:6 p.m. | 15 views

Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions

Overview: Session cookies of applications using the Auth0 symfony SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...

CVSS 9.1 | AI score 7.1 | EPSS 0.00084
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2025/05/17 3:6 p.m. | 5 views

GHSA-9WG9-93H9-J8CH Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions

Overview: Session cookies of applications using the Auth0 symfony SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...

CVSS 9.1 | AI score 9 | EPSS 0.00084
Exploits: 0 | References: 5

Github Security Blog
added 2025/05/16 5:48 p.m. | 14 views

Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK

Overview: Session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1. Applications...

CVSS 9.1 | AI score 8.9 | EPSS 0.00084
Exploits: 0 | References: 8 | Affected Software: 1

CVE
added 2025/05/15 9:13 p.m. | 50 views

CVE-2025-47275

Summary: CVE-2025-47275 affects Auth0-PHP SDKs used with CookieStore across multiple Auth0 integrations (Laravel, WordPress, Symfony). Affected versions: Auth0-PHP in 8.0.0-BETA1 up to, but not including, 8.14.0. Applications using the SDK or linked Auth0 wrappers relying on it may have session c...

CVSS 9.1 | AI score 7.3 | EPSS 0.00084
Exploits: 0 | References: 6

RedHat Linux
added 2025/02/05 1:53 p.m. | 28 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.8.3 for Spring Boot security update.

Red Hat build of Apache Camel 4.8.3 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...

CVSS 10 | AI score 7.5 | EPSS 0.55384
Exploits: 0 | References: 4

Veracode
added 2024/12/30 10:18 a.m. | 11 views

Improper Authentication

AsyncHttpClient (AHC) is vulnerable to Improper Authentication. The vulnerability is due to improper management of the CookieStore, which silently replaces explicitly defined cookies with those from the cookie jar if they share the same name, potentially leading to user session confusion in...

CVSS 9.2 | AI score 6.6 | EPSS 0.00441
Exploits: 0 | References: 7 | Affected Software: 1

RedhatCVE
added 2024/12/02 11:51 p.m. | 10 views

CVE-2024-53990

A flaw was found in the AsyncHttpClient (AHC) library. When making any HTTP request, the automatically enabled and self-managed CookieStore will silently replace explicitly defined cookies with any that have the same name from the CookieStore. For services that operate with multiple users, this can...

CVSS 8.1 | AI score 6.1 | EPSS 0.00441
Exploits: 0 | References: 7

Github Security Blog
added 2024/12/02 8:4 p.m. | 27 views

AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s

Summary: When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's Cookie...

CVSS 9.2 | AI score 6.2 | EPSS 0.00441
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2024/12/02 6:15 p.m. | 53 views

CVE-2024-53990

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that ha...

CVSS 9.2 | EPSS 0.00441
Exploits: 0 | References: 4

Cvelist
added 2024/12/02 5:10 p.m. | 28 views

CVE-2024-53990 AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that ha...

CVSS 9.2 | EPSS 0.00441
Exploits: 0 | References: 4