4 matches found
PT-2025-19429 · npm · @account-kit/smart-contracts
Summary: Allowlist module contains a bypass vulnerability. Details: The logic for using an allowlist on a Modular Account V2 contained a bug that allowed session keys to bypass any allowlist configuration. Action: If you are using @aa-sdk and/or @account-kit/smart-contracts between the versions of...
GitLab: Login email verification bypass via `/oauth/token`.
Vulnerability description not provided...
CVE-2023-22771 Insufficient Session Expiration in ArubaOS Command Line Interface
An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account...
Ubiquiti Inc.: Privilege Escalation: From operator to ubnt (and root) with non-interactive Session Hijacking
In EdgeOS version 1.9.1 and prior, as a consequence of a lack of protection of the file system, which exposes sensitive information, an attacker with access to an operator read-only account can escalate privileges to admin root access in the system...