21 matches found

OSV · added 2026/04/16 11:36 p.m. · 0 views

BIT-AUTHENTIK-2025-29928 authentik's deletion of sessions did not revoke sessions when using database session storage

authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage which is a non-default setting, deleting sessions via the Web Interface or the API would not revoke the session and the session holder wou...

CVSS 8 · AI score 5.7 · EPSS 0.00243
Exploits 0 · References 3
Positive Technologies · added 2026/01/19 12:00 a.m. · 2 views

PT-2026-3483

Name of the Vulnerable Software and Affected Versions: ChatterBot versions up to 1.2.10; ChatterBot version 1.2.11. Description: ChatterBot, a machine learning conversational dialog engine, is susceptible to a denial-of-service condition. This occurs due to improper management of database sessions an...

CVSS 7.5 · AI score 5.3 · EPSS 0.00039
Exploits 1 · References 12
EUVD · added 2025/10/03 8:07 p.m. · 1 view

EUVD-2024-52822

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.3 · EPSS 0.00786
Exploits 1 · References 8
CVE · added 2025/03/28 2:42 p.m. · 104 views

CVE-2025-29928

CVE-2025-29928 concerns authentik, an open-source identity provider. When configured to use database-based session storage (not default), deleting sessions via the Web Interface or API would not revoke those sessions, allowing session holders continued access. This affects authentik versions prio...

CVSS 8 · AI score 7 · EPSS 0.00243
Exploits 0 · References 2 · Affected software 1
CNNVD · added 2025/03/28 12:00 a.m. · 2 views

authentik authorization issue vulnerability

authentik is an open source identity provisioning application from authentik open source. An authorization issue vulnerability exists in authentik versions prior to 2024.12.4 and 2025.2.3, which stems from a session deletion issue in the database session store that could cause a session to remain...

CVSS 8 · AI score 6.4 · EPSS 0.00243
Exploits 0 · References 4
Positive Technologies · added 2025/03/23 12:00 a.m. · 3 views

PT-2025-12554

Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2024.12.4; authentik versions prior to 2025.2.3. Description: The issue arises when authentik is configured to use the database for session storage, a non-default setting. In this configuration, deleting sessions via t...

CVSS 8 · AI score 5.7 · EPSS 0.00243
Exploits 0 · References 13
NVD · added 2024/12/19 12:15 a.m. · 12 views

CVE-2024-55603

Kanboard is project management software that focuses on the Kanban methodology. In affected versions, sessions are still usable even though their lifetime has been exceeded. Kanboard implements a custom session handler, app/Core/Session/SessionHandler.php, to store the session data in a database...

CVSS 6.5 · EPSS 0.00786
Exploits 1 · References 8
Vulnrichment · added 2024/12/18 11:52 p.m. · 7 views

CVE-2024-55603 Insufficient session invalidation in Kanboard

Kanboard is project management software that focuses on the Kanban methodology. In affected versions, sessions are still usable even though their lifetime has been exceeded. Kanboard implements a custom session handler, app/Core/Session/SessionHandler.php, to store the session data in a database...

CVSS 6.5 · AI score 6.8 · EPSS 0.00786
Exploits 1 · References 8
OSV · added 2024/03/06 10:53 a.m. · 12 views

BIT-AIRFLOW-2023-40273 Session fixation in Apache Airflow web interface

The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database for database session backen...

CVSS 8 · AI score 7.7 · EPSS 0.00275
Exploits 0 · References 4
CNNVD · added 2023/09/27 12:00 a.m. · 1 view

Jumpserver Code Injection Vulnerability

Jumpserver is an open source bastion machine from Hangzhou Feizhiyun Information Technology Co. in China. JumpServer suffers from a code injection vulnerability that originates from an authenticated user who can execute arbitrary commands using a vulnerability in a MongoDB session, leading to...

CVSS 9.9 · AI score 8.6 · EPSS 0.05879
Exploits 1 · References 2
Github Security Blog · added 2023/08/23 6:30 p.m. · 18 views

Apache Airflow Session Fixation vulnerability

The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database for database session backen...

CVSS 8 · AI score 6.8 · EPSS 0.00275
Exploits 0 · References 8 · Affected software 1
OSV · added 2023/08/23 4:15 p.m. · 10 views

CVE-2023-40273

The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database for database session backen...

CVSS 8 · AI score 7.1
Exploits 0 · References 3
Prion · added 2023/08/23 4:15 p.m. · 14 views

Session fixation

The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database for database session backen...

CVSS 6 · AI score 7.8 · EPSS 0.00275
Exploits 0 · References 3 · Affected software 1
Vulnrichment · added 2023/08/23 3:37 p.m. · 12 views

CVE-2023-40273 Session fixation in Apache Airflow web interface

The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database for database session backen...

AI score 7.8 · EPSS 0.00275
Exploits 0 · References 3
Positive Technologies · added 2023/08/23 12:00 a.m. · 1 view

PT-2023-4782 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.7.0 Description: The issue is related to a session fixation vulnerability in the Airflow web interface, allowing an authenticated user to continue accessing the webserver even after their password has been...

CVSS 9 · AI score 6.8 · EPSS 0.00275
Exploits 0 · References 19
SUSE CVE · added 2023/02/15 3:57 a.m. · 1 view

SUSE CVE-2020-15105

Django Two-Factor Authentication before 1.12 stores the user's password in clear text (base64-encoded) in the user session. The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor...

CVSS 5.4 · AI score 6 · EPSS 0.0016
Exploits 0 · References 3
Prion · added 2022/12/22 11:15 a.m. · 12 views

Authentication flaw

Apache ShardingSphere-Proxy prior to 5.3.0, when using MySQL as the database backend, did not clean up the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apac...

CVSS 7.5 · AI score 9.6 · EPSS 0.00122
Exploits 0 · References 1 · Affected software 1
OSV · added 2015/05/14 2:59 p.m. · 1 view

DEBIAN-CVE-2015-3427

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ backslash in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422...

CVSS 7.5 · AI score 8 · EPSS 0.00439
Exploits 0 · References 1
OSV · added 2015/05/14 2:59 p.m. · 6 views

CVE-2015-3427

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ backslash in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422...

AI score 7.4
Exploits 0 · References 3
seebug.org · added 2014/07/01 12:00 a.m. · 24 views

Microsoft SQL Server sp_replwritetovarbin Memory Corruption

No description provided by source. $Id: ms09004spreplwritetovarbin.rb 11631 2011-01-24 19:37:58Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing a...

AI score 7.1
Exploits 0