Lucene search
K

7 matches found

NVD
NVD
added 2026/01/20 7:15 p.m.12 views

CVE-2025-66803

Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...

4.8CVSS0.00242EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2026/01/20 6:58 p.m.5 views

@bagisto-native/core (=1.0.2), @bagisto-native/react (>=1.0.0 <=1.0.1) potentially affected by CVE-2025-66803 via @hotwired/turbo (=8.0.17)

@hotwired/turbo NPM version =8.0.17 is affected by a known vulnerability. The following packages have a transitive dependency on @hotwired/turbo and may be impacted: - @bagisto-native/core =1.0.2 - @bagisto-native/react =1.0.0, =1.0.1 Source cves: CVE-2025-66803 Source advisory:...

4.8CVSS5.8AI score0.00242EPSS
Exploits1
Snyk
Snyk
added 2026/01/20 6:58 p.m.4 views

Insufficient Session Expiration

Overview @hotwired/turbo is a The speed of a single-page web application without having to write any JavaScript Affected versions of this package are vulnerable to Insufficient Session Expiration due to a race condition. An attacker can cause stale session cookies to be restored by delaying HTTP...

6.3CVSS5.5AI score0.00242EPSS
Exploits1References3
CVE
CVE
added 2026/01/20 12:0 a.m.13 views

CVE-2025-66803

CVE-2025-66803 describes a race condition in the turbo-frame element handler of Hotwired Turbo (pre-8.0.x). The issue can cause logout operations to fail when delayed frame responses reapply session cookies, enabling exploitation by delaying HTTP responses (network delays) or naturally on shared ...

4.8CVSS5.6AI score0.00242EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/20 12:0 a.m.3 views

CVE-2025-66803

Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...

5.5AI score0.00242EPSS
Exploits1References3
OSV
OSV
added 2026/01/20 12:0 a.m.10 views

CVE-2025-66803

Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...

4.8CVSS5.6AI score0.00242EPSS
Exploits1References5
Spring Security Advisories
Spring Security Advisories
added 2024/03/15 12:0 a.m.16 views

Hypermedia and Browser Enhancement

Front end development these days is dominated by large JavaScript client side frameworks. There are plenty of good reasons for that, but it can be very inefficient for many use cases, and the framework engineering has become extremely complex. In this article, I want to explore a different...

6.9AI score
Exploits0
Rows per page
Query Builder