162 matches found
EUVD-2005-0079
Malware in sbrugna...
EUVD-2021-29903
Malicious code in bioql PyPI...
EUVD-2022-37267
Malicious code in bioql PyPI...
EUVD-2021-30700
Malicious code in bioql PyPI...
EUVD-2023-28504
Malicious code in bioql PyPI...
EUVD-2021-2894
Malicious code in bioql PyPI...
GHSA-WH92-6Q6G-PX7J Magento Community Edition Improper Input Validation vulnerability
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A successful attacker can abuse this to achieve session takeover, increasing the...
VulnCheck KEV: CVE-2023-26258
Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute a...
Apache Tomcat 授权问题漏洞
Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server for the implementation of Servlet and JavaServer Page JSP support. Apache Tomcat suffers from an authorization problem vulnerability that stems from a rewrite valve session fixation flaw. An attack...
CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...
ALPINE-CVE-2025-46802
For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session...
DEBIAN-CVE-2025-46802
For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session...
CVE-2025-46802 Temporary chown() of users' TTY to mode 0666 allows PTY hijacking in screen
For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session...
CVE-2022-31257
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.31, Mendix Applications using Mendix 8 All versions V8.18.18, Mendix Applications using Mendix 9 All versions V9.14.0, Mendix Applications using Mendix 9 V9.12 All versions V9.12.2, Mendix Applications...
CVE-2022-3339
A reflected cross-site scripting XSS vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to...
CVE-2021-29368
Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions...
CVE-2020-15270
Parse Server npm package parse-server broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not...
CVE-2020-24692
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session...
BeyondTrust Privileged Remote Access 安全漏洞
BeyondTrust Privileged Remote Access BeyondTrust PRA is a privileged remote access software from BeyondTrust USA. A security vulnerability exists in BeyondTrust Privileged Remote Access versions prior to 25.1 that stems from a local authentication bypass that could lead to unauthorized session...
CVE-2021-47663
CVE-2021-47663 describes an improper JSON Web Tokens implementation that allows an unauthenticated remote attacker to guess a valid session ID and impersonate a user to gain full access. Documented impact includes high confidentiality, integrity, and availability degradation (C/H/I/A). The provid...