Lucene search
K

4 matches found

OSV
OSV
added 2026/04/07 6:13 p.m.1 views

CVE-2026-39324 Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

9.3CVSS6AI score0.0027EPSS
Exploits1References3
OSV
OSV
added 2026/03/04 5:16 p.m.6 views

CVE-2026-23810

A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point AP to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key GTK associated with the victim's BSSID...

3.1CVSS5.8AI score0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/04/02 7:46 p.m.18 views

CVE-2019-19091 ABB eSOMS: HTTP response information leakage

For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack...

4.3CVSS4.4AI score0.00764EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2009/07/06 11:41 a.m.4 views

tomcat XML parser information disclosure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the 1 web.xml, 2 context.xml, or 3 tld files of arbitrary web applications via a crafted...

4.6CVSS6.1AI score0.00809EPSS
Exploits1References4
Rows per page
Query Builder