7 matches found
CVE-2025-41772 wwwupdate.cgi Session token in URL
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR...
CVE-2025-41772
The CVE-2025-41772 entry concerns the wwwupdate.cgi endpoint in UBR, where session tokens are exposed in plaintext in URL parameters. An unauthenticated remote attacker can obtain valid session tokens via the URL, enabling potential session hijacking. The connected CVE records confirm the vulnera...
PT-2026-24038
Name of the Vulnerable Software and Affected Versions UBR affected versions not specified Description An unauthenticated remote attacker can obtain valid session tokens. These tokens are exposed in plaintext within the URL parameters of the ''wwwupdate.cgi'' endpoint. The issue involves the...
GHSA-62VX-HPCR-M9CH @perfood/couch-auth may expose session tokens, passwords
Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...
TARGIT Decision Suite 安全漏洞
TARGIT Decision Suite is a BI and analytics tool from TARGIT that helps companies integrate, visualize and share data better and faster than ever before. A security vulnerability exists in TARGIT Decision Suite versions prior to 23.2.15007.0 that stems from the fact that session tokens are part o...
CVE-2021-42948
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's...