9 matches found
CVE-2023-49091
Cosmos provides users the ability to self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an...
EUVD-2023-53103
Malicious code in bioql PyPI...
PT-2025-4853 · Unknown · Cosmos-Server
Name of the Vulnerable Software and Affected Versions: Cosmos-Server versions prior to 0.17.7 Description: The Cosmos-Server software has a user enumeration issue due to the error code returned during login, allowing an attacker to determine if a user exists in the database by monitoring the erro...
Insufficient Session Expiration
Cosmos-server is vulnerable to Insufficient Session Expiration. The vulnerability is due to the authorization header Jwttoken used for user login remaining valid and not expiring after log out. This allows an attacker to use the token to gain unauthorized access to the application/system even aft...
Authorization
Cosmos provides users the ability to self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an...
CVE-2023-49091 Jwttoken in Cosmos server never expires after password changed and logging out
Cosmos provides users the ability to self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an...
Cosmos Code Issue Vulnerability
Cosmos is a self-hosted home server from the individual developer Yann Stepienik, designed to address the growing concern of vulnerable self-hosted applications and personal servers. A code issue vulnerability exists in Cosmos versions prior to 0.13.0, which stems from a token in the Authorizatio...
PT-2023-31050 · Unknown · Cosmos-Server
Name of the Vulnerable Software and Affected Versions: Cosmos-server versions prior to 0.13.1 Description: The issue arises from the authorization header used for user login remaining valid and not expiring after log out, allowing an attacker to use the token to gain unauthorized access to the...
com.github.3tty0n:gatling-thrift_2.12 (>=0.2.0 <=0.6.0), com.github.giiita:scaladia-http_2.12 (>=0.0.1 <=0.0.6) +106 more potentially affected by CVE-2020-35774 via com.twitter:twitter-server_2.12 (>=17.10.0 <=20.10.0)
com.twitter:twitter-server_2.12 MAVEN version =17.10.0, =0.2.0, =0.0.1, =1.4.0, =2.13.0, =19.1.0, =2.9.0, =0.5.0, =0.5.0, =0.5.0, =1.2, =0.12.3, =0.12.0, =0.12.5, =0.11.6, =19.12.0, =20.10.0 and more Source cves: CVE-2020-35774 Source advisory: OSV:GHSA-3MQV-8GXG-PFM4...