EUVD-2022-29760
Malicious code in bioql PyPI...
EUVD-2022-28957
Malicious code in bioql PyPI...
EUVD-2024-48346
Malicious code in bioql PyPI...
EUVD-2024-21323
Malicious code in bioql PyPI...
EUVD-2023-44346
Malicious code in bioql PyPI...
EUVD-2023-24302
Malicious code in bioql PyPI...
IBM Copy Services Manager Cross-Site Scripting Vulnerability
IBM Copy Services Manager is IBM's data replication management software for simplifying and automating data replication operations in enterprise storage environments. A cross-site scripting vulnerability exists in IBM Copy Services Manager 6.3.13, which stems from insufficient filtering and...
CVE-2025-7774 Rockwell Automation ArmorBlock 5000 I/O – Web Server Vulnerabilities
A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unauthorized users to perform privileged actions...
Rockwell Automation 5032-CFGB16M12P5DR Security Vulnerability
The Rockwell Automation 5032-CFGB16M12P5DR is a 5032 16-point digital configurable I/O module in Rockwell Automation's ArmorBlock 5000 line. A security vulnerability exists in the module's web server: intercepted session credentials can be replayed to perform privileged operations within a 3-minute timeout window...
Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero
Google has announced that it is moving a security feature called Device Bound Session Credentials (DBSC) into open beta in Chrome to safeguard users against session cookie theft attacks. DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a devic...
GHSA-F24X-RM6G-3W5V Directus tokens are not redacted in flow logs, exposing session credentials to all admins
Summary: When using Directus Flows with the WebHook trigger, all incoming request details are logged, including security-sensitive data such as the access and refresh tokens carried in cookies. Impact: Malicious admins with access to the logs can hijack user sessions within the token expiration time of them...
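The Directus advisory above is a textbook case of a webhook handler logging the raw request. The following is an added example, not Directus code, of the redaction step a practitioner would put between the request and the log writer: credential-bearing headers are dropped, cookie values are redacted by name while the cookie names stay visible for debugging, and JSON bodies and query strings are walked for keys that look like tokens. The cookie name `directus_session_token`, the header set and the key pattern are assumptions for illustration.

```javascript
// Added example (not Directus code): scrub session-bearing fields from an
// incoming webhook request before it is written to a flow/audit log.
// Header names, cookie names and the key pattern below are assumptions.

const REDACTED = '[REDACTED]';
// Headers whose whole value is a credential: replace the value outright.
const SENSITIVE_HEADERS = new Set(['authorization', 'proxy-authorization', 'x-api-key', 'set-cookie']);
// Cookie names and JSON/query keys are matched by pattern rather than an exact
// list, so a renamed or additional token cookie is still caught.
const SENSITIVE_NAME = /token|session|secret|password|credential/i;

// Keep cookie names (useful when debugging a flow) but redact the value of any
// cookie whose name looks like a credential, e.g. directus_session_token=... .
function redactCookieHeader(value) {
  return String(value)
    .split(';')
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => {
      const eq = part.indexOf('=');
      if (eq === -1) return part; // malformed fragment, no value to hide
      const name = part.slice(0, eq).trim();
      const val = part.slice(eq + 1); // value may itself contain '='
      return SENSITIVE_NAME.test(name) ? `${name}=${REDACTED}` : `${name}=${val}`;
    })
    .join('; ');
}

// Recursively copy a parsed body or query object, redacting values stored
// under credential-looking keys at any depth. Arrays are walked too.
function redactJson(value) {
  if (Array.isArray(value)) return value.map(redactJson);
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SENSITIVE_NAME.test(k) ? REDACTED : redactJson(v);
    }
    return out;
  }
  return value; // primitives pass through unchanged
}

// Produce a log-safe copy of the request. The original object is not mutated,
// so the handler can still use the real tokens after logging.
function redactRequest(req) {
  const headers = {};
  for (const [k, v] of Object.entries(req.headers || {})) {
    const key = k.toLowerCase();
    if (key === 'cookie') headers[k] = redactCookieHeader(v);
    else if (SENSITIVE_HEADERS.has(key)) headers[k] = REDACTED;
    else headers[k] = v;
  }
  return {
    method: req.method,
    path: req.path,
    headers,
    query: redactJson(req.query || {}),
    body: redactJson(req.body),
  };
}

// Constructed sample request resembling what a webhook trigger might receive;
// every token value here is made up.
const sampleRequest = {
  method: 'POST',
  path: '/flows/trigger/example',
  headers: {
    'Content-Type': 'application/json',
    Authorization: 'Bearer eyJ.sample.access',
    Cookie: 'directus_session_token=eyJ.sample.session; theme=dark',
  },
  query: { debug: '1', api_token: 'q-secret' },
  body: {
    event: 'items.create',
    refresh_token: 'r-secret',
    data: { note: 'ok', nested: { access_token: 'a-secret' } },
  },
};

console.log(JSON.stringify(redactRequest(sampleRequest), null, 2));
```

Redacting on write is only half the fix: logs already persisted still hold live tokens until they expire, and the advisory's "within the token expiration time" window is exactly why short token lifetimes and refresh-token rotation limit the damage of a leak like this.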
CVE-2025-49653 Exposure of sensitive Information allows account takeover
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform...
CVE-2024-7421
An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions...
CVE-2022-24042
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application returns an AuthToken that does not expire at the defined auto...
CVE-2024-13928 Authenticated SQL Injection
SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
PT-2025-22519 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3.08.03 NEXUS Series versions through 3.08.03 MATRIX Series versions through 3.08.03 Description: The issue allows attackers to control TCP/IP port access if session administrator credentials become...
PT-2025-22521 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3.08.03 NEXUS Series versions through 3.08.03 MATRIX Series versions through 3.08.03 Description: Exposure of file path, file size, or file existence vulnerabilities in ASPECT provide attackers access to fil...
Lexmark Printer XSS Vulnerability (CVE-2020-13481)
Multiple Lexmark printer devices are prone to a stored cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2020-13481
Certain Lexmark products through 2020-05-25 allow XSS which allows an attacker to obtain session credentials and other sensitive information...