432 matches found
CKAN 授权问题漏洞
CKAN is an open source DMS Data Management System from CKAN Open Source. It is used to power data centers and data portals. An authorization issue vulnerability exists in CKAN versions prior to 2.10.9 and prior to 2.11.4, which stems from an attacker being able to fix session IDs, potentially...
GHSA-RG35-5V25-MQVP Keycloak vulnerable to session takeovers due to reuse of session identifiers
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...
Keycloak vulnerable to session takeovers due to reuse of session identifiers
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...
CVE-2025-12390
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...
CVE-2025-12390
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...
CVE-2025-12390 Org.keycloak.protocol.oidc.endpoints.logoutendpoint: offline session takeover due to reused authentication session id
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...
CVE-2025-6515 Reuse of session IDs in oatpp-mcp leads to session hijacking and prompt hijacking by remote attackers
The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...
CVE-2025-56746
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
CVE-2025-56746
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
EUVD-2019-14018
Malware in sbrugna...
EUVD-2016-0921
Malware in sbrugna...
EUVD-2014-2233
Malware in sbrugna...
EUVD-2016-0374
Malware in sbrugna...
EUVD-2006-4091
Malware in sbrugna...
EUVD-2021-0702
Malware in sbrugna...
EUVD-2020-1453
Malware in sbrugna...
EUVD-2019-2112
Malware in sbrugna...
EUVD-2021-0041
Malware in sbrugna...
EUVD-2015-2892
Malware in sbrugna...
EUVD-2023-55133
Malicious code in bioql PyPI...