1079 matches found
CVE-2013-10075 Apache::Session versions through 1.94 for Perl re-creates deleted sessions
Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...
CVE-2013-10075 Apache::Session versions through 1.94 for Perl re-creates deleted sessions
Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...
CVE-2013-10075
Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...
PT-2026-38683
Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...
Linux Distros Unpatched Vulnerability : CVE-2013-10075
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile...
CVE-2026-40325 Masa CMS CSRF in content restoration allows unauthorized restoration of deleted content
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.restore function does not properly validate anti-CSRF tokens for content restoration requests. An attacker can trick a logged-in administrator to submit a forged request that restores deleted...
CVE-2026-40325
Summary: CVE-2026-40325 affects Masa CMS (fork of Mura CMS). In versions up to 7.5.2, the cTrash.restore function fails to validate anti-CSRF tokens, allowing an attacker to lure a logged-in administrator into a forged request that restores deleted items and places them at an attacker-controlled ...
CVE-2026-40325 Masa CMS CSRF in content restoration allows unauthorized restoration of deleted content
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.restore function does not properly validate anti-CSRF tokens for content restoration requests. An attacker can trick a logged-in administrator to submit a forged request that restores deleted...
PT-2026-37251
Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.3 Description An issue exists in the identity-based secrets management system where an initial failure during namespace deletion causes subsequent retries to fail to remove all data before the namespace is marked ...
DEBIAN-CVE-2026-22740
A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...
Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014340)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014340 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent use of deleted inode syzbot reported a WARNING in nilfsrmdir. 1 Because the inode...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the GetNoteByID function. An attacker can access notes and assets from soft-deleted public books by directly querying endpoints with known note IDs or slug paths, even after the book has been deleted. This...
GHSA-3GR9-485J-V4XF Note Mark: Unauthenticated read of notes and assets in soft-deleted public books
Summary After a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ID or the slug path retain access. GORM's soft-delete scope does not...
Apple fixes iOS bug that kept deleted notifications, including chat previews
Apple has released a software update that deals with an issue that could allow deleted notifications to be retrieved. Something that, in at least one reported case, was used by law enforcement during forensic analysis. Apple fixed the issue in iOS and iPadOS versions 18.7.8 and 26.4.2 check...
Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 CVSS score: N/A, has been described as a logging issue that has been addressed with improved dat...
CVE-2026-28950
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly retained on the devi...
CVE-2026-28950
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly retained on the device...
About the security content of iOS 18.7.8 and iPadOS 18.7.8
About the security content of iOS 18.7.8 and iPadOS 18.7.8 This document describes the security content of iOS 18.7.8 and iPadOS 18.7.8. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
About the security content of iOS 26.4.2 and iPadOS 26.4.2
About the security content of iOS 26.4.2 and iPadOS 26.4.2 This document describes the security content of iOS 26.4.2 and iPadOS 26.4.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010965)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010965 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: do not ignore genmask when looking up chain by id When adding a rule to a...