CVE-2025-34188 Vasion Print (formerly PrinterLogic) Local Log Disclosure of Cleartext Sessions

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 macOS/Linux client deployments contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravelsession, are...

Malicious code in node-laravel-session-ahss-testing (npm)

The package node-laravel-session-ahss-testing was found to contain malicious code...

MAL-2025-27629 Malicious code in node-laravel-session-ahss-testing (npm)

The package node-laravel-session-ahss-testing was found to contain malicious code...

CVE-2024-55556

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APPKEY to achieve remote command execution on the server by manipulating the laravelsession cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...

Broken Access Control on "http://localhost/api/user" endpoint

Description Able to create an Admin account from normal User account. Steps 1.Navigate to https://localhost/. 2.Then click on login and then register, fill the form and click Register. 3.Now login with a newly created user account with intercepting the traffics in burp. 4.Turn on the burp interce...