809 matches found
Hostel Management System change-password.php File Session Hijacking Vulnerability
Hostel Management System is a hostel management system. Hostel Management System has a session hijacking vulnerability that stems from improper handling of session data in the file /hostel/change-password.php; no details of the vulnerability are available at this time...
ChuanhuChatGPT Access Control Error Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. An access control error vulnerability exists in ChuanhuChatGPT version 20240802, which stems from improper handling of session data and lack ...
CVE-2024-8613
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of...
CVE-2024-8613
CVE-2024-8613 affects gaizhenbiao/chuanhuchatgpt (version 20240802). The vulnerability arises from improper handling of session data and lack of access control, enabling an attacker to view, copy, and delete other users’ chat histories. Multiple sources (NVD, Red Hat, CNVD, OSV, CVE list) corrobo...
CVE-2024-8613 Improper Access Control in gaizhenbiao/chuanhuchatgpt
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of...
ChuanhuChatGPT Access Control Error Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. An access control error vulnerability exists in ChuanhuChatGPT version 20240802, which stems from improper handling of session data and lack ...
Linux Distros Unpatched Vulnerability : CVE-2016-7125
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote...
Siemens Teamcenter Redirection Vulnerability
Teamcenter software is an adaptable, modern Product Lifecycle Management (PLM) system that connects people and processes across functional silos through digital threads to enable innovation. A redirection vulnerability exists in the Siemens Teamcenter SSO login service, which can be exploited by an...
CVE-2025-23363
A vulnerability has been identified in Teamcenter V14.1 All versions, Teamcenter V14.2 All versions, Teamcenter V14.3 All versions V14.3.0.14, Teamcenter V2312 All versions V2312.0010, Teamcenter V2406 All versions V2406.0008, Teamcenter V2412 All versions V2412.0004. The SSO login service of...
CVE-2025-23363
Summary (CVE-2025-23363): Siemens Teamcenter V14.x products disclose an open-redirect issue in the SSO login service. The SSO accepts user-controlled input that can specify an external URL, enabling an attacker to lure a legitimate user into clicking a crafted link that redirects to a malicious s...
CVE-2024-25122
sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments from running. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, bu...
BIT-GITLAB-2024-11274 URL Redirection to Untrusted Site ('Open Redirect') in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2. Injection of NEL headers in k8s proxy response could lead to session data exfiltration...
CVE-2024-11274
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2. Injection of NEL headers in k8s proxy response could lead to session data exfiltration...
CVE-2024-11274 URL Redirection to Untrusted Site ('Open Redirect') in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2. Injection of NEL headers in k8s proxy response could lead to session data exfiltration...
CVE-2024-11274
CVE-2024-11274 affects GitLab CE/EE: all versions from 16.1 up to 17.4.6, from 17.5 up to 17.5.4, and from 17.6 up to 17.6.2. The vulnerability is the injection of Network Error Logging (NEL) headers in Kubernetes proxy responses, which could lead to session data exfiltration. The available conne...