163 matches found
CVE-2026-27205 Flask session does not add `Vary: Cookie` header when accessed in some ways
Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...
Flask 安全漏洞
Flask is a Python micro-framework developed by Pallets, used for building web applications. Versions of Flask prior to 3.1.2 have a security vulnerability caused by an improper setting of the Vary header when accessing session objects. This vulnerability may lead to the use of cache containing...
CVE-2026-27004
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in some shared-agent deployments, OpenClaw session tools sessionslist, sessionshistory, sessionssend allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue in...
Flask session does not add `Vary: Cookie` header when accessed in some ways
When the session object is accessed, Flask should set the Vary: Cookie header. This instructs caches not to cache the response, as it may contain information specific to a logged in user. This is handled in most cases, but some forms of access such as the Python in operator were overlooked. The...
CVE-2020-24594
Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function on the critical API endpoints messages, transactions, and session, handling sensitive user data and system operations. An unauthenticated attacker can access confidential conversation data an...
PT-2025-48792
The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access...
CVE-2025-12390
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...
EUVD-2016-7264
Malware in sbrugna...
EUVD-1999-1509
Malware in sbrugna...
EUVD-2006-1339
Malware in sbrugna...
EUVD-2009-0042
Malware in sbrugna...
EUVD-2020-17406
Malware in sbrugna...
EUVD-2017-9243
Malware in sbrugna...
EUVD-2019-8320
Malware in sbrugna...
EUVD-2008-0894
Malware in sbrugna...
EUVD-2020-5562
Malware in sbrugna...
EUVD-2009-4282
Malware in sbrugna...
EUVD-2014-5996
Malware in sbrugna...
EUVD-2005-0079
Malware in sbrugna...