88 matches found
EUVD-2025-206365
Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information ...
CVE-2025-59101 Insufficient Session Management in dormakaba access manager
Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information ...
CVE-2025-59101 Insufficient Session Management in dormakaba access manager
Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information ...
PT-2026-4751
Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information ...
Cross-Site Request Forgery (CSRF)
fastapiusers is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to stateless and predictable OAuth state tokens with no session binding or per-request entropy, which allows an attacker to initiate an OAuth flow, reuse a valid state token, and trick a victim into completing...
CVE-2025-61960
When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-61960
When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-61960
When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-61960
CVE-2025-61960 affects BIG-IP APM portal access. When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can trigger a NULL-pointer/related issue in TMM, causing the Traffic Management Microkernel (TMM) to terminate. This is a data-plane DoS risk ...
CVE-2025-61960 BIG-IP APM portal access vulnerability
When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
F5 BIG-IP 代码问题漏洞
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A code issue vulnerability exists in F5 BIG-IP that stems from the configuration of a per-request policy where undisclosed traffic could cause...
F5 Networks BIG-IP : BIG-IP APM portal access vulnerability (K000156597)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6.1 / 17.1.3 / 17.5.1.3. It is, therefore, affected by a vulnerability as referenced in the K000156597 advisory. When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffi...
CVE-2025-61925
Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such as malicious reque...
Linux Distros Unpatched Vulnerability : CVE-2021-41125
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP...
GHSA-HF3C-WXG2-49Q9 vLLM vulnerable to Denial of Service by abusing xgrammar cache
Impact This report is to highlight a vulnerability in XGrammar, a library used by the structured output feature in vLLM. The XGrammar advisory is here: https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3 The xgrammar library is the default backend used by vLLM to support...
AZL-62684 CVE-2024-57804 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs The driver, through the SAS transport, exposes a sysfs interface to enable/disable PHYs in a controller/expander setup. When multiple PHYs are disabled and...
PT-2025-3582
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, related to the scsi: mpi3mr driver. The driver exposes a sysfs interface to enable or disable PHYs in a controller/expander setup...
UBUNTU-CVE-2024-43791
RequestStore provides per-request global storage for Rack. The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not...
SUSE CVE-2021-41125
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...
DEBIAN-CVE-2021-41125
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...