36 matches found
EUVD-2025-206318
EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives an SDP request, it creates a whole new set of objects like Session and IConnection, which open a new TCP socket for the ISO 15118-20 communications and register callbacks for the created file descriptor, witho...
EUVD-2016-4338
Malware in sbrugna...
EUVD-2007-5903
Malware in sbrugna...
EUVD-2022-6723
Malicious code in bioql PyPI...
CVE-2021-43777
Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login via OAuth incorrectly uses the state parameter to pass the next URL to redirect the user to after login. The state parameter should be used for a Cross-Site Request Forgery...
Requests `Session` object does not verify requests after making first request with verify=False
...
CVE-2024-35195 Requests `Session` object does not verify requests after making first request with verify=False
Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verif...
BIT-PARSE-2022-39225 Parse Server subject to Incorrect Resource Transfer Between Spheres
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.15, or 5.0.0 and above prior to 5.2.6, a user can write to the session object of another user if the session object ID is known. For example, an attacker can assign th...
Cross-site Request Forgery (CSRF)
@fastify/passport is vulnerable to Cross-Site Request Forgery (CSRF). When a user logs in, the library doesn't remove the session object, keeping the csrf property intact across unauthenticated and authorized sessions. CSRF tokens created prior to authentication are therefore still valid. Thus,...
Authentication Bypass
parse-server is vulnerable to authentication bypass. The vulnerability exists in the handleSession function in RestWrite.js, which enables a foreign user to assign the session object of another user to their own by writing to the user field and impersonate the victim...
CVE-2022-39225
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.15, or 5.0.0 and above prior to 5.2.6, a user can write to the session object of another user if the session object ID is known. For example, an attacker can assign th...
CVE-2022-39225
Parse Server contains a vulnerability (CVE-2022-39225) where a user can write to another user’s session object if the session object ID is known, potentially reading custom fields. The issue affects older releases prior to 4.10.15 and 5.0.0–5.2.6, with patches in 4.10.15+ and 5.2.6+. Mitigation g...
CVE-2022-39225 Parse Server subject to Incorrect Resource Transfer Between Spheres
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.15, or 5.0.0 and above prior to 5.2.6, a user can write to the session object of another user if the session object ID is known. For example, an attacker can assign th...
GHSA-6W4Q-23CF-J9JP parse-server's session object properties can be updated by foreign user if object ID is known
Impact: A foreign user can write to the session object of another user if the session object ID is known. For example, a foreign user can assign the session object to their own user by writing to the user field and then read any custom fields of that session object. Note that assigning a session t...
parse-server's session object properties can be updated by foreign user if object ID is known
Impact: A foreign user can write to the session object of another user if the session object ID is known. For example, a foreign user can assign the session object to their own user by writing to the user field and then read any custom fields of that session object. Note that assigning a session t...
PT-2022-24823 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.15; Parse Server versions 5.0.0 through 5.2.5. Description: A user can write to the session object of another user if the session object ID is known. For example, an attacker can assign the session object to...
CVE-2021-44538
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...