5 matches found
CVE-2025-29928 authentik's deletion of sessions did not revoke sessions when using database session storage
authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage, which is a non-default setting, deleting sessions via the Web Interface or the API would not revoke the session and the session holder wou...
SUSE CVE-2014-8124
OpenStack Dashboard Horizon before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page...
Arbitrary Command Execution
ShardingSphere-Proxy is vulnerable to arbitrary code execution. The vulnerability exists because the MySQL database backend fails to properly validate client authentication and does not clear out database sessions in time, which allows an attacker to execute commands...
GitHub Cachet SQL injection vulnerability
GitHub Cachet is a software application, an open source status page system. A SQL injection vulnerability exists in versions prior to Cachet 2.3.18, which can be exploited by unauthenticated attackers to steal sensitive data such as administrator passwords and sessions from the database...
python-django-horizon: denial of service via login page requests
A denial of service flaw was found in the OpenStack Dashboard horizon when using the db or memcached session engine. An attacker could make repeated requests to the login page, which would result in a large number of unwanted backend session entries, possibly leading to a denial of service...