6 matches found
CVE-2026-40934
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their password. After a password...
EUVD-2023-51735
Malicious code in bioql PyPI...
The vulnerability of the MODULYS GP (MOD3GP-SY-120K) module-based power supply management web application allows an attacker to perform arbitrary actions.
The vulnerability of the MODULYS GP MOD3GP-SY-120K web-based management application relates to its dependence on cookie files without any checks for their validity and integrity. Exploiting this vulnerability could allow an attacker to perform arbitrary actions remotely...
Design/Logic Flaw
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Deleted/deactivated user could continue to use their account as long as its cookie is valid. This iss...
PT-2022-7395 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.4 Description: The issue is related to insufficient session expiration in the GLPI system, which can allow a remote attacker to impact the system's integrity. A deleted or deactivated user could continue to use the...
Fedora 10 : phpMyAdmin-3.2.0.1-1.fc10 (2009-7340)
The first security release for phpMyAdmin 3.2.0: - security XSS: Insufficient output sanitizing in bookmarks This version contains a number of small new features and some bug fixes: - core better support for vendor customisation based on what Debian needs - rfe warn when session.gc_maxlifetime is...