39 matches found
CVE-2025-25215
CVE-2025-25215 affects Dell ControlVault3 and ControlVault3 Plus; an arbitrary-free vulnerability resides in the cv_close path due to insufficient session validation. Talos’ analysis shows an attacker can forge a fake session on the CV firmware (for sessions allocated on the device heap) and trig...
Exploit for CVE-2025-52159
This vulnerability chain has been assigned the following CVE ID...
Important: perl-Mojolicious
Issue Overview: Mojolicious versions from 0.999922 through 9.39 for Perl use a hard-coded string, or the application's class name, as an HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could...
SUSE CVE-2024-58134
Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute...
AZL-61825 CVE-2024-58134 affecting package perl-Mojolicious 8.57-3
Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute...
DEBIAN-CVE-2024-58134
Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute...
UBUNTU-CVE-2024-58134
Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute...
Mojolicious Security Vulnerability
Mojolicious is an open-source Perl-based real-time web framework. A security vulnerability exists in Mojolicious 9.39 and earlier versions, which stems from the use of hard-coded strings or application class names as HMAC session keys and could lead to session forgery...
Astra Linux – Vulnerability in Zabbix
A bug in the code allows an attacker to create a forged zbxsession cookie, which enables them to log in with admin permissions...
CVE-2024-21545
Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files via the API. When handli...
PT-2023-21869 · Autolab · Autolab
Name of the Vulnerable Software and Affected Versions: Autolab, affected versions not specified. Description: The issue concerns a session forgery problem. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
TerraMaster TOS 4.2.x session forgery, arbitrary file reading, remote command execution, and other vulnerabilities
TerraMaster is a globally recognized professional storage brand that focuses on providing professional private cloud storage devices for users around the world. The session forgery, arbitrary file reading, and remote command execution vulnerabilities in TerraMaster TOS 4.2.x can be exploited to...
Design/Logic Flaw
Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASH_COOKIE_SECRET or REDASH_SECRET_KEY environment variables, a default value is used for both that is the same across all installations. In such cases, th...
CVE-2021-41192
Redash CVE-2021-41192 affects Redash versions 10.0.0 and earlier when admins do not explicitly set REDASH_COOKIE_SECRET and REDASH_SECRET_KEY. A default secret is used that is the same across installations, enabling session forgery by attackers who know the default value (c292a0a3aa32397cdb050e23...
CVE-2021-41192 Insecure default configuration
Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASH_COOKIE_SECRET or REDASH_SECRET_KEY environment variables, a default value is used for both that is the same across all installations. In such cases, th...
PT-2021-23165 · Redash · Redash
Name of the Vulnerable Software and Affected Versions: Redash versions 10.0.0 and prior. Description: Redash is a package for data visualization and sharing. If an admin sets up Redash without explicitly specifying the REDASH_COOKIE_SECRET or REDASH_SECRET_KEY environment variables, a default valu...
DAViCal Andrew's Web Libraries Authorization Issues Vulnerability (CNVD-2020-25813)
Andrew's Web Libraries (AWL) is a project that provides shared PHP libraries for DAViCal, a calendar sharing server. An authorization issue vulnerability exists in DAViCal AWL version 0.60 and earlier, which stems from a failure of the session management mechanism to u...
Zend Framework Session Authentication Vulnerability
Zend Framework (ZF) is an open-source PHP5 development framework developed by the US company Zend; it is mainly used for developing web applications and services. A security vulnerability exists in Zend/Session/SessionManager in versions 2.2.x before ZF 2.2.9 and versions 2.3.x...