PT-2026-31818

Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free...

CVE-2026-35537

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data...

PT-2024-31479 · Nintendo · Mario Kart 8 Deluxe +1

Name of the Vulnerable Software and Affected Versions: Mario Kart 8 Deluxe versions prior to 3.0.3 Description: The issue is caused by a stack-based buffer overflow in the LAN/LDN local multiplayer implementation, allowing a remote attacker to exploit it upon deserialization of session informatio...

GHSA-74MF-VJPG-9XH7 Slim vulnerable to PHP object injection

Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data...

CVE-2015-2171

Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data...