Lucene search
+L

28 matches found

CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

boruta-server 安全漏洞

Boruta-Server is an open-source independent authorization server developed by Malach.it. Versions of Boruta-Server prior to 0.9.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of the Secure attribute for session cookies and remember-me cookies. In deployments whe...

8.8CVSS5.3AI score0.00259EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:5 p.m.10 views

CVE-2026-46657

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/08 3:5 p.m.3 views

CVE-2026-46657 Bludit's persistent authentication tokens not revoked upon account disablement

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS6AI score0.00271EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-2858

Malicious code in bioql PyPI...

7.2CVSS6.1AI score0.01545EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2019-12422

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro before 1.4.2, when using the default remember me configuration, cookies could be susceptible to a padding attack. CVE-2019-12422 Note that Nessus...

7.5CVSS7.2AI score0.09101EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 2:15 a.m.8 views

CVE-2015-8314

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...

7.5CVSS6.7AI score0.00618EPSS
Exploits0References1
Veracode
Veracode
added 2024/05/17 6:12 a.m.9 views

Session Hijacking

illuminate/auth is vulnerable to Session Hijacking. The vulnerability is due to insecure handling of "remember me" cookies, where previously hijacked cookies would remain valid even after the user's password was reset or they logged out...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.4 views

PT-2024-40420 · Laravel · Laravel

Name of the Vulnerable Software and Affected Versions: Laravel versions prior to 4.1.26 Description: The issue concerns the security of "remember me" cookies. If a remember cookie was hijacked by another malicious user, the cookie would remain valid for a long period of time, even after the true...

7.5AI score
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/12/14 2:7 a.m.6 views

SUSE CVE-2015-8314

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...

7.5CVSS6.9AI score0.00618EPSS
Exploits0References3
NVD
NVD
added 2023/12/12 5:15 p.m.16 views

CVE-2015-8314

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...

7.5CVSS0.00618EPSS
Exploits0References3
OSV
OSV
added 2023/12/12 5:15 p.m.12 views

CVE-2015-8314

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...

7.5CVSS7.4AI score0.00618EPSS
Exploits0References4
OSV
OSV
added 2023/12/12 5:15 p.m.7 views

DEBIAN-CVE-2015-8314

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...

7.5CVSS7.3AI score0.00618EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/12/12 12:0 a.m.4 views

CVE-2015-8314

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...

6.7AI score0.00618EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.19 views

CVE-2015-8314

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...

7.4AI score0.00618EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/12/12 12:0 a.m.44 views

CVE-2015-8314

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...

7.5CVSS7.4AI score0.00618EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/01/26 12:0 a.m.8 views

PT-2023-10322 · Devise · Devise

Name of the Vulnerable Software and Affected Versions: Devise versions prior to 3.5.4 Description: The issue concerns the mishandling of Remember Me cookies for sessions, potentially allowing an adversary to gain unauthorized persistent application access. Specifically, the Devise gem generates t...

7.5CVSS7.7AI score0.00618EPSS
Exploits0References10
OSV
OSV
added 2022/05/13 1:5 a.m.1 views

GHSA-6RH5-23HX-J452 Improper Authorization in Jenkins Core

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g...

7.2CVSS5.9AI score0.01545EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/13 1:5 a.m.28 views

Improper Authorization in Jenkins Core

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g...

7.2CVSS5.9AI score0.01545EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/03/16 1:15 a.m.2 views

CVE-2022-27225

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safar...

6.5CVSS5.9AI score0.00536EPSS
Exploits0References2
OSV
OSV
added 2022/03/16 1:15 a.m.4 views

CVE-2022-27225

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safar...

6.5CVSS5.8AI score0.00536EPSS
Exploits0References1
Rows per page
Query Builder