EUVD-2025-27766

Malicious code in bioql PyPI...

EUVD-2025-19581

Malicious code in bioql PyPI...

CVE-2025-59743

SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'SessionID' cookie in '/inc/connect/CONNECTION.ASP'...

AndSoft e-TMS SQL注入漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the SessionID cookie parameter in file /inc/connect/CONNECTION.ASP. An attacker can us...

OESA-2025-2301 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

MongoDB Server router will crash when incorrect lsid is set on a sharded query

An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument lsid is provided in a case when it is not applicable. This affects MongoDB Server v6.0 versions prior to 6.0.x, MongoDB Server v7.0 versions prior to 7.0.18 a...

CVE-2025-30040

The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...

CVE-2025-30038

The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream ADS for all files downloaded from potentially untrusted sources...

CVE-2025-30038 Session ID leakage in Zone.Identifier of downloaded files

The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream ADS for all files downloaded from potentially untrusted sources...

CVE-2025-30038 Session ID leakage in Zone.Identifier of downloaded files

The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream ADS for all files downloaded from potentially untrusted sources...

CVE-2025-30038

The CVE-2025-30038 vulnerability concerns a session ID leak when saving a file downloaded from CGM CLININET. The exposed identifier is stored in an NTFS alternate data stream (ADS) via a built-in Windows security feature that preserves extra metadata for files downloaded from potentially untruste...

Linux Distros Unpatched Vulnerability : CVE-2023-4727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter...

CVE-2025-7773 Rockwell Automation ArmorBlock 5000 I/O – Web Server Vulnerabilities

A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the last two consecutive sign in session interval, making it predictable...

CVE-2025-7679 Session ID Basic Auth Bypass

The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT...

CVE-2025-7770

Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID...

Linux Distros Unpatched Vulnerability : CVE-2023-3866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validate session i...

UBUNTU-CVE-2025-8114

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange KEX process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash...

Catalyst-Plugin-Session 安全漏洞

Catalyst-Plugin-Session is a Catalyst open source application. A security vulnerability exists in Catalyst-Plugin-Session versions prior to 0.44 that stems from an insecure way of generating session IDs, which could lead to session hijacking...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the session management API due to a missing permission check. An attacker can impersonate other users and access sensitive resources by updating sessions if they know the session ID. Remediation Upgrade...

CampCodes Sales and Inventory System 注入漏洞

CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. An injection vulnerability exists in CampCodes Sales and Inventory System version 1.0, which stems from SQL injection due to incorrect manipulation of the parameter sid in the file /pages/receiptcredit.php...