211 matches found
EUVD-2025-210341
Flowise before 3.0.10 affected versions 3.0.7 and earlier fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session token or a device left logged in, remains authenticated as the...
CVE-2025-71335 Flowise - Session Invalidation Failure After Password Change
Flowise before 3.0.10 affected versions 3.0.7 and earlier fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session token or a device left logged in, remains authenticated as the...
CVE-2025-71335
Flowise prior to version 3.0.10 is affected. Versions 3.0.7 and earlier do not invalidate existing sessions or session tokens after a user changes their password, allowing an attacker with an active session (e.g., via a stolen token or an already-logged-in device) to remain authenticated post-pas...
PT-2026-52614
Name of the Vulnerable Software and Affected Versions Flowise versions 3.0.0 through 3.0.7 Description Flowise fails to invalidate existing sessions and session tokens after a user changes their password. This allows an attacker who possesses an active session, such as through a stolen session...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939sessionactivate fail if the device is no longer registered. syzbot still reports that unregisternetdevice: waiting for vcan0 to become free. Usage count = 2. Even after commit 93a27b5891b8 “can: j1939: add...
PT-2026-52034
Name of the Vulnerable Software and Affected Versions Warp versions 0.2021.04.25.23.05.stable 00 through 0.2026.05.06.15.42.stable 00 Description Warp accepts state-mutating terminal lifecycle hooks from the PTY Pseudo-Terminal stream without verifying if the hooks were emitted by the shell...
CVE-2026-53982
Cap-go Console 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the...
CVE-2026-53982
Capgo Console before 12.28.2 contains a denial‑of‑service vulnerability in the account deletion flow. Triggering account deletion while a device identifier is linked to the active session ties the deletion state to that device, causing the affected device or browser to be redirected to an account...
CVE-2026-41200
STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...
EUVD-2026-31130
Cross-Site Request Forgery CSRF vulnerability in InfoScale v.9.1.3 Operations Manager VIOM allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevents deadlock by changing j1939sockslock to rwlock. The following 3 locks may race against each other, causing a deadlock situation in the Syzbot bug report: - j1939sockslock - activesessionlistlock -...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevents deadlock by moving j1939skerrqueue This commit addresses a deadlock situation that can occur in certain scenarios, such as when running data TP/ETP transfers and subscribing to the error queue while...
CVE-2026-44925
CVE-2026-44925 describes a Cross-Site Request Forgery (CSRF) in InfoScale v.9.1.3 Operations Manager (VIOM). The vulnerability arises from an ability for an attacker to coerce an active VIOM session user into clicking a crafted HTML link, resulting in unintended modifications within the VIOM web ...
CVE-2026-33585 Arqit SKA-Platform Improper Handling of Parameters Vulnerability
Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like...
Insufficient Session Expiration
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Insufficient Session Expiration due to improper session management when user permissions are changed. An attacker can retain unauthorized access to resource...
CVE-2025-14857
CVE-2025-14857 affects Semtech LoRa LR11xxx transceivers on early firmware versions. The flaw is an improper access control: memory write via the physical SPI interface does not enforce write protection on the program call stack, enabling overwriting of stack memory and limited arbitrary code exe...
Allocation of Resources Without Limits or Throttling
Overview pocketmine/pocketmine-mp is a highly customisable, open source server software for Minecraft: Bedrock Edition written in PHP Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the ModalFormResponsePacket handling process. An attack...
CVE-2025-13671
OpenText Web Site Management Server contains a CSRF vulnerability (CVE-2025-13671) affecting versions 16.7.0 and 16.7.1. An active user with a session could be induced to perform unintended changes via a page containing malicious HTML, effectively exploiting CSRF. CVSS v4.0 vectors: Network attac...
Exploit for Incorrect Authorization in Suse Pam-Config
CVE-2025-6018 & CVE-2025-6019 PoC A Proof of Concept for chai...