18 matches found

CNNVD
added 2026/05/28 12:0 a.m., 6 views

OpenReplay Access Control Error Vulnerability

OpenReplay is an open-source, developer-friendly, self-hosted session replay software. Versions of OpenReplay prior to 1.26.0 contained an access control vulnerability. This vulnerability stemmed from the lack of verification that the project belonged to the same tenant during API key...

CVSS 7.7, AI score 5.8, EPSS 0.00032
Exploits: 0, References: 2

EUVD
added 2026/04/14 3:30 p.m., 0 views

EUVD-2026-22280

Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required...

CVSS 5.7, AI score 5.8, EPSS 0.00126
Exploits: 0, References: 2

Cvelist
added 2026/04/14 12:6 a.m., 27 views

CVE-2026-24318 Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim's session. If the application continues to accept previously issued toke...

CVSS 4.2, EPSS 0.0007
Exploits: 0, References: 2

CNNVD
added 2026/03/29 12:0 a.m., 3 views

OpenClaw Security Vulnerability

OpenClaw is an open-source artificial intelligence assistant from OpenClaw. OpenClaw has a security vulnerability that an attacker can exploit to cause a sandboxed agent to access the state of a parent or sibling session and read or modify session data outside the scope of the sandb...

CVSS 9.2, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 2

Positive Technologies
added 2026/03/27 12:0 a.m., 2 views

PT-2026-28272

Cache misconfiguration vulnerability in OpenText Identity Manager on Windows and Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. This issue affects Identity Manager: 25.2v4.10.1...

CVSS 8.4, AI score 6, EPSS 0.00274
Exploits: 0, References: 5

GitHub Security Blog
added 2026/03/13 8:55 p.m., 12 views

OpenClaw: `session_status` let sandboxed subagents access parent or sibling session state

Summary: The built-in `session_status` tool did not enforce the intended session-visibility boundary. A sandboxed subagent could supply another session's `sessionKey` and inspect or modify state outside its own sandbox scope. Impact: This allowed a sandboxed child session to read parent or sibling sessi...

CVSS 9.2, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2025/11/20 12:0 a.m., 5 views

CVE-2025-60799

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters 'subject', 'server', 'database', 'queryid' without proper validation or access...

EPSS 0.00011
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2021-8763

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.7, EPSS 0.00248
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-6910

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.1, EPSS 0.00252
Exploits: 1, References: 3

RedhatCVE
added 2025/08/14 2:24 a.m., 6 views

CVE-2025-42945

SAP NetWeaver Application Server ABAP has an HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with an active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or it...

CVSS 6.1, AI score 7.2, EPSS 0.00167
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 7:10 p.m., 7 views

CVE-2021-21490

SAP NetWeaver AS for ABAP Web Survey, versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current...

CVSS 6.1, AI score 6, EPSS 0.00248
Exploits: 0, References: 1

OSV
added 2024/04/30 10:15 a.m., 5 views

CVE-2024-4336

Adive Framework 2.0.8 does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via /adive/admin/tables/add, in multiple parameters. An attacker could retrieve the session details of an authenticated user...

CVSS 7.4, AI score 5.8, EPSS 0.00168
Exploits: 0, References: 1

CNNVD
added 2022/10/17 12:0 a.m., 1 views

IBM WebSphere Application Server Security Vulnerability

IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for Java EE and Web services applications and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WebSphere...

CVSS 5.9, AI score 6.1, EPSS 0.00056
Exploits: 0, References: 5

CNNVD
added 2022/08/23 12:0 a.m., 1 views

ARC Informatique PcVue Security Vulnerability

ARC Informatique PcVue is a multi-functional HMI-SCADA software from ARC Informatique, an all-in-one solution that monitors all aspects of a customer's assets. PcVue is used in a wide range of applications such as industrial control, building management, energy management, smart grid, energy...

CVSS 5.5, AI score 5.5, EPSS 0.00054
Exploits: 0, References: 3

CNNVD
added 2022/04/29 12:0 a.m., 2 views

DELL EMC NetWorker Trust Management Issue Vulnerability

DELL EMC NetWorker is a suite of unified backup and recovery software from Dell (USA). The software provides backup and recovery, deduplication, backup reporting, and other features. A security vulnerability exists in Dell EMC NetWorker that originates from acting as a...

CVSS 4.9, AI score 5.2, EPSS 0.00072
Exploits: 0, References: 3

CNNVD
added 2021/02/15 12:0 a.m., 5 views

Brocade Fabric OS Encryption Issues Vulnerabilities

Brocade Fabric OS (FOS) is a set of embedded operating systems used in devices such as switches and routers from Brocade (USA). Brocade Fabric OS has a cryptographic issue vulnerability that can be exploited by an attacker to act as a man-in-the-middle in order to read and write data within a session...

CVSS 7.4, AI score 7.1, EPSS 0.00124
Exploits: 0, References: 3

OSV
added 2020/10/12 2:15 p.m., 2 views

CVE-2020-26869

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit...

CVSS 7.5, AI score 7.1
Exploits: 0, References: 4

ATTACKERKB
added 2015/06/02 2:59 p.m., 4 views

CVE-2014-8391

The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests...

CVSS 4, AI score 5.5, EPSS 0.09737
Exploits: 5, References: 7