
4 matches found

RedhatCVE
added 2025/05/22 8:44 p.m. · 3 views

CVE-2021-39138

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to sign up users and also allow users to log in anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the server creates sessi...

CVSS 6.5 · AI score 6.6 · EPSS 0.00218
Exploits: 0 · References: 1
Positive Technologies
added 2024/05/30 12:0 a.m. · 1 views

PT-2024-40324 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified

Description: The issue concerns TYPO3's built-in record registration functionality, also known as the "basic shopping cart", which is vulnerable to denial of service when using recs URL parameters. This i...

CVSS 7.5 · AI score 7.2
Exploits: 0 · References: 5
VulnCheck KEV
added 2023/11/28 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2023-41266

Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints...

CVSS 8.2 · AI score 6.7 · EPSS 0.9422
Exploits: 0 · References: 1
RedHat Linux
added 2015/10/08 12:11 p.m. · 2 views

python-django: Denial-of-service possibility in logout() view by filling session store

It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the...

CVSS 5 · AI score 7.1 · EPSS 0.07079
Exploits: 0 · References: 4