32 matches found

RedhatCVE
added 2026/04/07 11:1 p.m., 4 views

CVE-2026-5708

Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with...

CVSS 8.8, AI score 5.9, EPSS 0.00841
Exploits 1, References 1
EUVD
added 2026/04/07 12:30 a.m., 20 views

EUVD-2026-19549

Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with...

CVSS 8.8, AI score 5.9, EPSS 0.00841
Exploits 1, References 4
NVD
added 2026/04/06 10:16 p.m., 5 views

CVE-2026-5708

Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with...

CVSS 8.8, EPSS 0.00841
Exploits 1, References 3
Positive Technologies
added 2026/04/06 12:0 a.m., 6 views

PT-2026-30746

Name of the Vulnerable Software and Affected Versions: AWS Research and Engineering Studio (RES) versions prior to 2026.03. Description: An issue exists in the session creation component of AWS Research and Engineering Studio (RES) where unsanitized control of user-modifiable attributes could allow an...

CVSS 8.8, AI score 5.9, EPSS 0.00841
Exploits 1, References 8
Snyk
added 2026/03/17 6:37 p.m., 4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the POST /classes/Session endpoint. An...

CVSS 5.3, AI score 5.8, EPSS 0.00306
Exploits 0, References 2
EUVD
added 2026/02/27 12:31 a.m., 3 views

EUVD-2026-8926

A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The affected element is an unknown function of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/RemoveSessAttributeController.java of the component Session Attribute Handler. Performing a manipulation results in...

CVSS 5.5, AI score 5.2, EPSS 0.00226
Exploits 1, References 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2009-2741

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.0054
Exploits 0, References 4
RedhatCVE
added 2025/05/23 5:31 a.m., 7 views

CVE-2023-29020

@fastify/passport is a port of the passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forgery) protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport in affected versions, can be bypassed by network and same-site attackers...

CVSS 6.5, AI score 7, EPSS 0.00384
Exploits 0, References 1
Github Security Blog
added 2024/01/19 9:30 p.m., 19 views

Duplicate Advisory: Session fixation in Enonic XP

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-4m5p-5w5w-3jcf. This link is maintained to preserve external references. Original Description: Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker...

CVSS 9.8, AI score 8.2, EPSS 0.00836
Exploits 0, References 9, Affected Software 1
OSV
added 2024/01/19 9:30 p.m., 13 views

GHSA-4HRP-M3F2-643J Duplicate Advisory: Session fixation in Enonic XP

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-4m5p-5w5w-3jcf. This link is maintained to preserve external references. Original Description: Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker...

CVSS 9.8, AI score 8.2, EPSS 0.00836
Exploits 0, References 8
NVD
added 2024/01/19 9:15 p.m., 10 views

CVE-2024-23679

Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes...

CVSS 9.8, AI score 9.5, EPSS 0.00836
Exploits 0, References 7
Prion
added 2024/01/19 9:15 p.m., 12 views

Session fixation

Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes...

CVSS 7.5, AI score 7.3, EPSS 0.00836
Exploits 0, References 7, Affected Software 1
Cvelist
added 2024/01/19 8:23 p.m., 16 views

CVE-2024-23679 Enonic XP Session Fixation Vulnerability

Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes...

AI score 9.7, EPSS 0.00836
Exploits 0, References 7
Vulnrichment
added 2024/01/19 8:23 p.m., 7 views

CVE-2024-23679 Enonic XP Session Fixation Vulnerability

Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes...

AI score 8.9, EPSS 0.00836
Exploits 0, References 7
Github Security Blog
added 2023/04/21 10:32 p.m., 47 views

CSRF token fixation in fastify-passport

The CSRF protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport, can be bypassed by network and same-site attackers. Details: fastify/csrf-protection implements the synchronizer token pattern using plugins @fastify/session and @fastify/secure-session by...

CVSS 6.5, AI score 6.2, EPSS 0.00384
Exploits 0, References 6, Affected Software 1
Vulnrichment
added 2023/04/21 10:31 p.m., 8 views

CVE-2023-29020 Cross site request forgery token fixation in fastify-passport

@fastify/passport is a port of the passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forgery) protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport in affected versions, can be bypassed by network and same-site attackers...

CVSS 6.5, AI score 6.6, EPSS 0.00384
Exploits 0, References 4
OSV
added 2023/04/21 10:31 p.m., 16 views

CVE-2023-29020 Cross site request forgery token fixation in fastify-passport

@fastify/passport is a port of the passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forgery) protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport in affected versions, can be bypassed by network and same-site attackers...

CVSS 6.5, AI score 6.5, EPSS 0.00384
Exploits 0, References 6
Veracode
added 2023/03/21 6:11 a.m., 19 views

Cross-site Request Forgery

prestashop/prestashop is vulnerable to Cross-site Request Forgery. The vulnerability exists due to the lack of validation in session attributes, which allows attackers to bypass the CSRF protection mechanism...

CVSS 8.8, AI score 8.4, EPSS 0.00216
Exploits 0, References 3, Affected Software 1
Github Security Blog
added 2023/03/13 8:51 p.m., 35 views

Possible CSRF token fixation

Impact: When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session fixation. Patches: The problem is fixed in versi...

CVSS 8.8, AI score 8.2, EPSS 0.00216
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2023/03/13 4:55 p.m., 5 views

CVE-2023-25170 PrestaShop has possible CSRF token fixation

PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to...

CVSS 5, AI score 8.6, EPSS 0.00216
Exploits 0, References 1