809 matches found
CVE-2026-24894
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $SESSION data of the previous request potential...
GHSA-R3XH-3R3W-47GP FrankenPHP leaks session data between requests in worker mode
Summary When running FrankenPHP in worker mode, the $SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $SESSION data of the previous request potentially belonging to a different user before sessionstart is...
FrankenPHP leaks session data between requests in worker mode
Summary When running FrankenPHP in worker mode, the $SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $SESSION data of the previous request potentially belonging to a different user before sessionstart is...
PT-2026-7871
Name of the Vulnerable Software and Affected Versions FrankenPHP versions prior to 1.11.2 Description FrankenPHP, when running in worker mode, does not correctly reset the $ SESSION superglobal between requests. This allows a subsequent request processed by the same worker to access the $ SESSION...
CVE-2019-25312 InoERP 0.7.2 - Persistent Cross-Site Scripting
InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session...
inoERP 跨站脚本漏洞
inoERP is an open-source enterprise management system developed by Nishit as a personal project. Version 0.7.2 of inoERP contains a cross-site scripting vulnerability. This vulnerability stems from the comment section, where stored cross-site scripts may allow unverified attackers to inject...
CVE-2025-52633
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...
K000158931: BIG-IP Edge Client for Windows vulnerability CVE-2026-20730
Security Advisory Description A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. CVE-2026-20730 Impact An attacker with local access could exploit this vulnerability to list processes and obtain session...
CVE-2025-52633
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...
CVE-2025-52633
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...
EUVD-2025-206685
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...
CVE-2025-52633
HCL AION 2.0 is affected by a vulnerability where sensitive session data is stored in persistent cookies, leading to potential information disclosure. Root cause cited by CNVD/Red Hat sources is lack of content security policy. Practical impact is information exposure if cookies are intercepted o...
CVE-2025-52633 HCL AION is susceptible to Missing Content-Security-Policy
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...
CVE-2025-52633
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...
CVE-2025-52633 HCL AION is susceptible to Missing Content-Security-Policy
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...
PT-2026-5907
Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description HCL AION is susceptible to a security issue involving the storage of sensitive session data in persistent cookies. This practice can elevate the risk of unauthorized access if these cookies are intercepted or...
EUVD-2026-4996
Stored Cross-Site Scripting XSS in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...
CVE-2025-59896
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...
CVE-2025-59897
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...
CVE-2025-59901
Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitordirectory?sid=' endpoint, caused by insufficient validation of the 'monitordirectory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated user...