5 matches found
EUVD-2018-8962
Malware in sbrugna...
EUVD-2008-6839
Malware in sbrugna...
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of...
CVE-2025-24859
A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This...
PT-2025-16163 · Apache · Apache Roller
Name of the Vulnerable Software and Affected Versions: Apache Roller versions prior to 6.1.5
Description: A session management vulnerability exists in Apache Roller where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the use...