221 matches found
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...
CVE-2025-58437 Coder's privilege escalation vulnerability could lead to a cross workspace compromise
Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...
Coder vulnerable to privilege escalation could lead to a cross workspace compromise
Summary Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...
Exploit for CVE-2025-1337
PoC para CVE-2025-1337 Prueba de concepto para la vulnerabili...
CVE-2025-7770
Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID...
CVE-2025-7770
CVE-2025-7770 affects Tigo Energy Cloud Connect Advanced (CCA). The vulnerability is insecure session ID generation in the remote API, where session IDs are produced by a predictable method based on the current timestamp, enabling attackers to recreate valid session IDs. Combined with bypassing s...
Tigo Energy Cloud Connect Advanced 安全漏洞
Tigo Energy Cloud Connect Advanced is a compact data logger from Tigo Energy USA. A security vulnerability exists in Tigo Energy Cloud Connect Advanced that stems from insecure session ID generation that could lead to unauthorized access...
PT-2025-32228 · Tigo Energy · Tigo Energy Cca
Name of the Vulnerable Software and Affected Versions: Tigo Energy CCA device affected versions not specified Description: The Tigo Energy CCA device is susceptible to insecure session ID generation within its remote API. Session IDs are created using a predictable method based on the current...
Sensitive Information Disclosure
BackendAI is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insecure session handling caused by exposing the sensitive data in active sessions, allowing attackers to retrieve user credentials from the management platform...
CVE-2025-40924
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...
DEBIAN-CVE-2025-40924
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...
CVE-2025-40924 Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...
Plack::Middleware::Session 安全漏洞
Plack::Middleware::Session is a Plack open source minimalist session library for Plack. A security vulnerability exists in Plack::Middleware::Session versions prior to 0.35 that stems from insecure session ID generation...
CVE-2022-46353
A vulnerability has been identified in SCALANCE X204RNA HSR All versions V3.2.7, SCALANCE X204RNA PRP All versions V3.2.7, SCALANCE X204RNA EEC HSR All versions V3.2.7, SCALANCE X204RNA EEC PRP All versions V3.2.7, SCALANCE X204RNA EEC PRP/HSR All versions V3.2.7. The webserver of affected device...
CVE-2019-7336
Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the view monitorfilters.php contains takes in input from the user and saves it into the session, and retrieves it later insecurely. The values of the MonitorName and Source parameters are being displayed without any...
GHSA-43G4-487M-5Q6M Open WebUI Vulnerable to a Session Fixation Attack
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...
Open WebUI Vulnerable to a Session Fixation Attack
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...