Lucene search
K

163 matches found

OSV
OSV
added 2026/02/21 5:21 a.m.6 views

CVE-2026-27205 Flask session does not add `Vary: Cookie` header when accessed in some ways

Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...

2.3CVSS5.5AI score0.00374EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/21 12:0 a.m.8 views

Flask 安全漏洞

Flask is a Python micro-framework developed by Pallets, used for building web applications. Versions of Flask prior to 3.1.2 have a security vulnerability caused by an improper setting of the Vary header when accessing session objects. This vulnerability may lead to the use of cache containing...

4.3CVSS5.8AI score0.00374EPSS
Exploits0References3
NVD
NVD
added 2026/02/20 12:16 a.m.5 views

CVE-2026-27004

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in some shared-agent deployments, OpenClaw session tools sessionslist, sessionshistory, sessionssend allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue in...

6.9CVSS0.00105EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/19 8:45 p.m.12 views

Flask session does not add `Vary: Cookie` header when accessed in some ways

When the session object is accessed, Flask should set the Vary: Cookie header. This instructs caches not to cache the response, as it may contain information specific to a logged in user. This is handled in most cases, but some forms of access such as the Python in operator were overlooked. The...

4.3CVSS5.5AI score0.00374EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:48 a.m.8 views

CVE-2020-24594

Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session...

9.6CVSS7.9AI score0.01713EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/02 9:11 p.m.4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function on the critical API endpoints messages, transactions, and session, handling sensitive user data and system operations. An unauthenticated attacker can access confidential conversation data an...

9.3CVSS5.9AI score0.20655EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.10 views

PT-2025-48792

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access...

5.3CVSS6.1AI score0.00284EPSS
Exploits0References4
OSV
OSV
added 2025/10/28 2:15 p.m.3 views

CVE-2025-12390

A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...

6CVSS5.7AI score0.00128EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-7264

Malware in sbrugna...

7.5CVSS7.4AI score0.01231EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-1999-1509

Malware in sbrugna...

4.6CVSS6.4AI score0.0033EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-1339

Malware in sbrugna...

3.7CVSS6.3AI score0.00329EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2009-0042

Malware in sbrugna...

6.5CVSS6AI score0.01675EPSS
Exploits1References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-17406

Malware in sbrugna...

7.1CVSS6.9AI score0.00419EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-9243

Malware in sbrugna...

7.5CVSS7.6AI score0.01258EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-8320

Malware in sbrugna...

8.8CVSS8.8AI score0.00986EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-0894

Malware in sbrugna...

4.7CVSS6AI score0.01336EPSS
Exploits2References24
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-5562

Malware in sbrugna...

7.2CVSS6.8AI score0.01132EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-4282

Malware in sbrugna...

4.4CVSS6.4AI score0.00333EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2014-5996

Malware in sbrugna...

2.1CVSS6.4AI score0.00576EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-0079

Malware in sbrugna...

4.6CVSS6.1AI score0.00379EPSS
Exploits0References7
Rows per page
Query Builder