Lucene search

56 matches found

Redos
added 2026/05/29 12:00 a.m., 10 views

ROS-20260529-73-0015

The vulnerability in openbao is related to improper session management. Exploiting this vulnerability can allow a remote attacker to intercept a user’s session...

CVSS 9.6, AI score 5.8, EPSS 0.0004
Exploits 0

CNNVD
added 2026/05/25 12:00 a.m., 4 views

Apache Airflow security vulnerability

Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform is characterized by scalability and dynamic monitoring. Apache Airflow suffers from a security vulnerability that stems from...

CVSS 8.1, AI score 5.8, EPSS 0.00088
Exploits 0, References 4

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-41307

Malicious code in bioql PyPI...

CVSS 6.8, AI score 6.6, EPSS 0.00138
Exploits 0, References 1

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-30267

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.6, EPSS 0.00316
Exploits 1, References 5

BDU FSTEC
added 2025/07/24 12:00 a.m., 1 views

The vulnerability of the Condeon CMS system, related to the storage of confidential information in cleartext, allows a hacker to intercept sessions and gain access to the user’s account.

The vulnerability of the Condeon CMS system relates to the storage of confidential information in cleartext within the memory dump file. Exploiting this vulnerability could allow a malicious actor to intercept sessions and gain access to the user account...

CVSS 10, AI score 5.5
Exploits 0, References 2, Affected Software 1

BDU FSTEC
added 2025/07/24 12:00 a.m., 2 views

The vulnerability of the Condeon CMS system, related to deficiencies in access control, allows a hacker to intercept sessions and gain access to the user account.

The vulnerability of the Condeon CMS system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to intercept sessions and gain access to the user account...

CVSS 9, AI score 5.5
Exploits 0, References 2, Affected Software 1

BDU FSTEC
added 2025/07/18 12:00 a.m., 1 views

The vulnerability of the UMI CMS content management system, related to the lack of measures taken to protect the website structure, allows attackers to intercept the administrator’s session.

The vulnerability of the UMI CMS content management system is related to the lack of measures taken to protect the website’s structure. Exploiting the vulnerability may allow a malicious actor, operating remotely, to intercept the administrator’s session by performing XSS attacks using a specially crafte...

CVSS 9.1, AI score 5.5
Exploits 0, References 1

BDU FSTEC
added 2025/06/17 12:00 a.m., 2 views

The vulnerability of the web interfaces of IBM OpenPages and IBM OpenPages with Watson allows a hacker to intercept user sessions.

The vulnerability of the IBM OpenPages and IBM OpenPages with Watson web interfaces relates to improper session management. Exploiting this vulnerability can allow a malicious actor to intercept a user’s session...

CVSS 4.3, AI score 5.5, EPSS 0.00079
Exploits 0, References 2, Affected Software 2

BDU FSTEC
added 2025/06/09 12:00 a.m., 1 views

The vulnerability of the SIMATIC PCS neo technology process management web system, related to incorrect session duration, allows an intruder to intercept the user’s session.

The vulnerability of the SIMATIC PCS neo technology process management web system is related to incorrect session duration. Exploiting this vulnerability could allow an attacker to intercept the user’s session...

CVSS 10, AI score 5.4, EPSS 0.00206
Exploits 0, References 3, Affected Software 1

RedhatCVE
added 2025/05/23 10:33 a.m., 2 views

CVE-2024-45101

A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL...

CVSS 6.8, AI score 7, EPSS 0.00138
Exploits 0

BDU FSTEC
added 2025/03/17 12:00 a.m., 1 views

The vulnerability of the OData protocol implementation in the SAP Fiori for SAP ERP business application platform allows an attacker to perform a cache poisoning attack or intercept sessions.

The vulnerability of the OData protocol implementation in SAP Fiori for SAP ERP business application development platforms is related to deficiencies in handling HTTP header requests. Exploiting this vulnerability allows a malicious actor to perform a cache poisoning attack or intercept sessions ...

CVSS 3.1, AI score 5.4, EPSS 0.00107
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2025/02/06 12:00 a.m., 1 views

The vulnerability of the TFA two-factor authentication module in Drupal CMS systems allows a hacker to intercept the user’s session.

The vulnerability of the Two-factor Authentication (TFA) module in Drupal CMS systems is related to improper session management. Exploiting this vulnerability could allow a malicious actor to intercept a user’s session...

CVSS 10, AI score 5.5, EPSS 0.00246
Exploits 0, References 2, Affected Software 1

BDU FSTEC
added 2025/02/06 12:00 a.m., 1 views

The vulnerability of the TFA two-factor authentication module in Drupal CMS systems allows a hacker to intercept the user’s session.

The vulnerability of the Two-factor Authentication (TFA) module in Drupal CMS systems is related to improper session management. Exploiting this vulnerability could allow a malicious actor to intercept a user’s session...

CVSS 10, AI score 5.5, EPSS 0.0025
Exploits 0, References 2, Affected Software 1

BDU FSTEC
added 2025/02/06 12:00 a.m., 1 views

The vulnerability of Symantec’s Privileged Access Management tool, related to cross-site request forgery, allows a perpetrator to intercept user sessions.

The vulnerability of Symantec’s Privileged Access Management tool is related to cross-site request forgery. Exploiting this vulnerability allows a malicious actor to intercept user sessions remotely...

CVSS 9.6, AI score 5.4, EPSS 0.00076
Exploits 0, References 4, Affected Software 1

BDU FSTEC
added 2024/12/06 12:00 a.m., 1 views

The vulnerability of the firmware in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems is related to improper session management. This vulnerability allows attackers to intercept user sessions and gain increased privileges.

The vulnerability of the firmware in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to improper session management. Exploiting this vulnerability can allow an attacker to intercept a user’s session and increase their privileges...

CVSS 10, AI score 7.7, EPSS 0.00334
Exploits 4, References 2, Affected Software 4

BDU FSTEC
added 2024/11/26 12:00 a.m., 1 views

The vulnerability of the software used in Hitachi Energy’s equipment monitoring and control system, Hitachi Energy MicroSCADA X SYS600, allows an intruder to intercept an already established session.

The vulnerability of the software used in Hitachi Energy’s equipment monitoring and control system, MicroSCADA X SYS600, involves bypassing the authentication process. Exploiting this vulnerability allows a malicious actor to intercept an already established session...

CVSS 8.2, AI score 5.5, EPSS 0.00061
Exploits 0, References 2, Affected Software 1

BDU FSTEC
added 2024/11/26 12:00 a.m., 1 views

The vulnerability of the SSL VPN remote access technology for FortiOS operating systems allows a hacker to execute arbitrary code or commands.

The vulnerability of the SSL VPN remote access technology for FortiOS operating systems relates to the interception of user sessions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or commands remotely...

CVSS 7.6, AI score 6, EPSS 0.00256
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2024/11/14 12:00 a.m., 1 views

The vulnerability of the OpenID Connect authentication module in NGINX web servers, related to improper session management, allows attackers to gain full access to the application.

The vulnerability of the OpenID Connect authentication module in NGINX web servers is related to improper session management. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full access to the application by intercepting sessions...

CVSS 6.4, AI score 5.9, EPSS 0.01062
Exploits 0, References 5, Affected Software 4

BDU FSTEC
added 2024/09/30 12:00 a.m., 1 views

The vulnerability of the Advantech ADAM-5630 programmable logic controller (PLC) software, related to cross-site request forgery, allows an intruder to intercept the user’s session.

The vulnerability of the Advantech ADAM-5630 programmable logic controller (PLC) software is related to cross-site request forgery. Exploiting this vulnerability allows a malicious actor to intercept the user’s session remotely...

CVSS 8.3, AI score 5.4, EPSS 0.00087
Exploits 0, References 2, Affected Software 1

CNNVD
added 2024/09/13 12:00 a.m., 1 views

Lenovo XClarity Administrator security vulnerability

Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. A security vulnerability exists in Lenovo XClarity Administrator, which stems fro...

CVSS 6.8, AI score 6.8, EPSS 0.00138
Exploits 0, References 2