
8 matches found

OSV
added 2026/04/09 11:17 p.m., 0 views

DEBIAN-CVE-2026-5507

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

CVSS: 4, AI score: 5.6, EPSS: 0.00016
Exploits: 0, References: 1

OSV
added 2026/04/09 11:17 p.m., 0 views

UBUNTU-CVE-2026-5507

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

CVSS: 4.1, AI score: 5.9, EPSS: 0.00016
Exploits: 0, References: 3

Tenable Nessus
added 2026/03/30 12:0 a.m., 1 views

Amazon Linux 2023 : python3-flask (ALAS2023-2026-1476)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1476 advisory. Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use o...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00014
Exploits: 0, References: 4

SUSE CVE
added 2026/02/24 12:24 a.m., 0 views

SUSE CVE-2026-27205

Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00014
Exploits: 0, References: 4

Tenable Nessus
added 2026/02/21 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-27205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00014
Exploits: 0, References: 3

Veracode
added 2023/07/12 2:50 a.m., 16 views

Session Fixation

graylog2-server is vulnerable to Session Fixation. The vulnerability exists because a node may still have the session cached even when a user has explicitly logged out, which allows the session to still be used for API requests until it has reached its original expiry time...

CVSS: 3.1, AI score: 6.8, EPSS: 0.00213
Exploits: 1, References: 4, Affected Software: 1

securityvulns
added 2014/09/29 12:0 a.m., 40 views

nginx information leakage

Invalid cached session reusage...

CVSS: 4.3, AI score: 1.2, EPSS: 0.02435
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2012/08/01 12:0 a.m., 18 views

Scientific Linux Security Update : openssl on SL6.x i386/x86_64

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to change the ciphersuite associated with a cached session stored on the server, if the server enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly forcing the clien...

CVSS: 4.3, AI score: 6.9, EPSS: 0.03846
Exploits: 0, References: 2