79 matches found
CVE-2026-29784
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...
PT-2026-23607
Name of the Vulnerable Software and Affected Versions Ghost versions 5.101.6 through 6.19.2 Description Incomplete CSRF protections around the /session/verify API endpoint allowed the use of One-Time Codes OTCs in login sessions different from the requesting session. This could potentially allow...
GHSA-HV93-R4J3-Q65F OpenClaw Hook Session Key Override Enables Targeted Cross-Session Routing
Summary The issue is not deterministic session keys by itself. The exploitable path was accepting externally supplied sessionKey values on authenticated hook ingress, allowing a hook token holder to route messages into chosen sessions. Affected Behavior - POST /hooks/agent accepted payload...
EUVD-2025-36502
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...
EUVD-2025-32991
Malicious code in cross-session npm...
Malicious Package
Overview cross-session is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-48015 Malicious code in cross-session (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46f6bdb0e17b0d49c9c3b316cc02bf5fb1964d956cd9a541c6fd2edd0eb5c551 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Linux Distros Unpatched Vulnerability : CVE-2023-53586
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: target: Fix multiple LUNRESET handling This fixes a bug where an initiator thinks a LUNRESET has cleaned up running commands when it hasn't. The bug was...
EUVD-2024-1029
Malicious code in bioql PyPI...
Security update for pgadmin4
This update for pgadmin4 fixes the following issues: CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set bsc1239308 CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users...
hermes-agent
Hermes Agent ☤ The self-improving AI agent b...
CVE-2023-23600
Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions. This bug only affects Firefox for Android. Other...
The vulnerability of the DCOM Remote Cross-Session Activation component of the Windows operating system allows attackers to increase their privileges.
The vulnerability of the DCOM Remote Cross-Session Activation component in the Windows operating system is related to access control deficiencies. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
CVE-2024-38061
DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability...
CVE-2024-38061
DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability...
CVE-2024-38061 DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability
...
CVE-2024-38061 DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability
...
CVE-2024-38061
Technical details for CVE-2024-38061 (affected products, root cause, impact, fixes) are not provided in the supplied documents. No remediation or exploitation specifics are available here. Monitor for updates.
PT-2024-4763
The Windows File Explorer is affected by a privilege escalation issue, which allows attackers to gain access to a user's NetNTLM hash from any session on the computer, even with low-privileged user rights. This issue is related to unnecessary permissions being set in Access Security when...
SUSE CVE-2024-27935
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...