7 matches found

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2023-0611

Malicious code in bioql PyPI...

8.8 CVSS, 7.3 AI score, 0.0079 EPSS
Exploits: 0, References: 9
Github Security Blog
added 2023/11/12 3:51 p.m., 42 views

Symfony possible session fixation vulnerability

Description: SessionStrategyListener does not always migrate the session after a successful login. It only migrates the session when the logged-in user identifier changes. In some use cases, the user identifier doesn't change between the verification phase and the successful login, while the token...

6.5 CVSS, 6.9 AI score, 0.00689 EPSS
Exploits: 0, References: 7, Affected Software: 2
OSV
added 2023/11/10 6:15 p.m., 2 views

DEBIAN-CVE-2023-46733

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, SessionStrategyListener does not migrate the session after every successful login. It does so only in case the logged in...

6.5 CVSS, 6.3 AI score, 0.00689 EPSS
Exploits: 0, References: 1
Debian CVE
added 2023/02/03 9:45 p.m., 22 views

CVE-2022-24895

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enable...

8.8 CVSS, 8.8 AI score, 0.0079 EPSS
Exploits: 0
OSV
added 2023/02/03 9:45 p.m., 31 views

CVE-2022-24895 Symfony vulnerable to Session Fixation of CSRF tokens

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enable...

6.3 CVSS, 7.2 AI score, 0.0079 EPSS
Exploits: 0, References: 7
CNVD
added 2017/11/06 12:0 a.m., 2 views

Catalyst Mahara Session Fixation Vulnerability

Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Catalyst Mahara version 15.04 prior to 15.04.7 and version 15.10 prior to 15.10.3, which stems from a session ID no...

8.8 CVSS, 6.7 AI score, 0.00847 EPSS
Exploits: 0, References: 1
Cvelist
added 2017/11/03 6:0 p.m., 18 views

CVE-2017-1000150

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks...

8.7 AI score, 0.00847 EPSS
Exploits: 0, References: 1