Lucene search
+L

122 matches found

Vulnrichment
Vulnrichment
added 2025/05/07 10:41 p.m.9 views

CVE-2025-35939 Craft CMS stores user-provided content in session files

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

6.9CVSS5.6AI score0.01174EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.7 views

Craft CMS 安全漏洞

Craft CMS is a content management system CMS from Craft CMS Open Source. A security vulnerability exists in Craft CMS versions prior to 5.7.5 that stems from failure to clean the contents of session files, which could lead to arbitrary code execution...

6.9CVSS8.9AI score0.01174EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.2 views

PT-2025-20312

Name of the Vulnerable Software and Affected Versions Craft CMS versions prior to 4.15.3 Craft CMS versions prior to 5.7.5 Description Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent...

6.9CVSS7.6AI score0.01174EPSS
Exploits0References27
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/25 4:8 p.m.6 views

Malicious code in neov (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0c9e3f275318dc63c36dbc902dfd73c0b3aa4fa830d114c0833ed8d24258d9b0 Importing the module starts exfiltration of ".session" files, which appear to be used at least by one Telegram library...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/25 4:8 p.m.10 views

Malicious code in pytzv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bc7b0a2cddf6ee0cc4d688f4136758e0d7aaa99707aa5dd82505d84631d77720 Importing the module starts exfiltration of ".session" files, which appear to be used at least by one Telegram library...

7AI score
Exploits0References1
OSV
OSV
added 2025/04/25 4:8 p.m.5 views

MAL-2025-191801 Malicious code in neov (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0c9e3f275318dc63c36dbc902dfd73c0b3aa4fa830d114c0833ed8d24258d9b0 Importing the module starts exfiltration of ".session" files, which appear to be used at least by one Telegram library...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/04/25 4:8 p.m.4 views

MAL-2025-191847 Malicious code in pytzv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bc7b0a2cddf6ee0cc4d688f4136758e0d7aaa99707aa5dd82505d84631d77720 Importing the module starts exfiltration of ".session" files, which appear to be used at least by one Telegram library...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/04/25 4:8 p.m.6 views

MAL-2025-191849 Malicious code in qtpv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2e0cfa610f53699fb3d04d6296bf28540a6162be41a7268566e999b070b517a6 Importing the module starts exfiltration of ".session" files, which appear to be used at least by one Telegram library...

6.9AI score
Exploits0References1
Snyk
Snyk
added 2024/11/01 6:28 a.m.9 views

Missing Authorization

Overview chainlit is a Build Conversational AI. Affected versions of this package are vulnerable to Missing Authorization due to improper user verification in the getfile endpoint. This flaw allows unauthorized users to access and retrieve session files by guessing or obtaining valid sessionids,...

5.4CVSS6.8AI score
Exploits0References3
Cvelist
Cvelist
added 2024/09/16 12:0 a.m.16 views

CVE-2024-45416

The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in sessioninit function. The session -LUA- files are stored in the directory /var/luasession, the function iterates on all files in this directory and executes them using the function dofile without any validation i...

0.00561EPSS
Exploits0References1
OSV
OSV
added 2024/08/01 8:25 p.m.17 views

USN-6943-1 tomcat8, tomcat9 vulnerabilities

It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS CVE-2020-9484 It was discovered that Tomcat...

7.5CVSS7AI score0.73139EPSS
Exploits21References6
Tenable Nessus
Tenable Nessus
added 2024/08/01 12:0 a.m.30 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Tomcat vulnerabilities (USN-6943-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6943-1 advisory. It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. ...

7.5CVSS7.6AI score0.73139EPSS
Exploits21References6
SUSE CVE
SUSE CVE
added 2023/12/06 2:4 a.m.4 views

SUSE CVE-2023-42456

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...

3.1CVSS7.4AI score0.00571EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/11/08 12:0 a.m.30 views

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current sudo Multiple Vulnerabilities (SSA:2023-311-01)

The version of sudo installed on the remote host is prior to 1.9.15. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-311-01 advisory. - Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt...

8.1CVSS7.2AI score0.00571EPSS
Exploits1References3
OSV
OSV
added 2023/09/21 5:7 p.m.25 views

GHSA-2R3C-M6V7-9354 sudo-rs Session File Relative Path Traversal vulnerability

Background Sudo-rs allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting...

3.3CVSS7.7AI score0.00571EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2023/09/21 5:7 p.m.46 views

sudo-rs Session File Relative Path Traversal vulnerability

Background Sudo-rs allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting...

8.1CVSS7.7AI score0.00571EPSS
Exploits0References8Affected Software1
UbuntuCve
UbuntuCve
added 2023/09/21 4:15 p.m.35 views

CVE-2023-42456

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...

8.1CVSS7.2AI score0.00571EPSS
Exploits0References2
Prion
Prion
added 2023/09/21 4:15 p.m.28 views

Path traversal

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...

5.5CVSS8.2AI score0.00571EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/09/21 3:20 p.m.49 views

CVE-2023-42456 sudo-rs Session File Relative Path Traversal vulnerability

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...

3.3CVSS8.4AI score0.00571EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/21 3:20 p.m.16 views

CVE-2023-42456 sudo-rs Session File Relative Path Traversal vulnerability

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...

3.3CVSS7AI score0.00571EPSS
Exploits0References2
Rows per page
Query Builder