31 matches found
CVE-2025-4644
CVE-2025-4644 describes a Session Fixation vulnerability in Payload’s SQLite adapter where an attacker could trigger identifier reuse during account creation. The attacker could create an account, store its JWT, delete the account, and later a new user would receive the same identifier, enabling ...
Payload 授权问题漏洞
Payload is a Headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Payload suffers from an authorization issue vulnerability that stems from SQLite adapters reusing identifiers during account creation, which could lead to a session fixation attack...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the reuse of msgid after maliciously completing a reopen request, which could result in a read request being...
CVE-2023-29147
In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier...
Design/Logic Flaw
In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier...
libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the...
PT-2023-22636 · Unknown · Shimo Vpn Client
Name of the Vulnerable Software and Affected Versions: Shimo VPN Client for macOS version 5.0.4 Description: An issue in the helper tool of Shimo VPN Client for macOS allows attackers to bypass authentication via PID re-use. Recommendations: For Shimo VPN Client for macOS version 5.0.4, update to...
PT-2022-24784 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in the offline access scope in Keycloak, affecting users of shared computers more, especially if cookies are not cleared. This issue is due to a lack of root session...
Red Hat Keycloak 代码问题漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak offlineaccess, which stems from a lack of root session authentication and reuse of session...
红帽 Red Hat Ceph 授权问题漏洞
Red Hat Ceph is a Linux petabyte-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system without a single point of failure, based on POSIX Portable Operating System Interface, enabling fault-tolerant and seamless data replication. cep...
CVE-2020-0203
In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...