3 matches found
CVE-2026-24013
Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...
CVE-2024-45261
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's...
passport 授权问题漏洞
passport is an Express-compatible Node.js authentication middleware from Jared Hanson, an individual developer in the United States. An authorization issue vulnerability exists in passport. An attacker could use this vulnerability to hijack a victim's session by throwing a valid "sessionId" cooki...