38 matches found
CVE-2026-27575 Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An...
CVE-2026-27575
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An...
CVE-2026-27575 Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An...
CVE-2026-27575 Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An...
Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change
Summary The application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account via brute-force or credential stuffing can mainta...
Vikunja 代码问题漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.0.0 had code vulnerabilities. These vulnerabilities stemmed from allowing the setting of weak passwords, where user-changed passwords still allowed active sessions to remain valid,...
CVE-2025-66289 OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change
OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...
GHSA-X7RP-QJ2H-GHGW Flowise Fails to Invalidate Existing Sessions After Password Changes
Summary Failure to Invalidate Existing Sessions After Password Change Persistent Session / Session Invalidity Failure. Details After a user changes their password, the application does not invalidate other active sessions or session tokens that were established before the change. An attacker who...
CVE-2004-2767
NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service connection slot exhaustion by establishing many FTP sessions that persist for the lifetime of a DS session...
Spring Security 6.3 Adds Passive JDK Serialization/Deserialization for Seamless Upgrades
In the early versions of Spring Security, a deliberate decision was made to avoid providing any guarantee of compatibility for serialized classes via JDK serialization between different versions of the project. This decision primarily took into account the context of RMI, with the recommendation...
in forkcms/forkcms
Description Insufficient Session expiration even after Credential like password of the account is being updated. Proof of Concept open the same account in multiple browsers. change the password in one Browser. Reload the other one. as a result we can see the account on the other browser is not...
Security Bulletin: Vulnerability in WebSphere Commerce related to persistent sessions and personalization IDs. (CVE-2012-3300)
Question Security Bulletin: Vulnerability in WebSphere Commerce related to persistent sessions and personalization IDs. CVE-2012-3300 | -9F7F4EC1049C904F85257A77006D19A9- | Answer Flash Alert Abstract WebSphere Commerce contains a security vulnerability related to its use of persistent sessions a...
CVE-2018-19878
An issue was discovered on Teltonika RTU950 R31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory...
Apache Tomcat 6.0.x < 6.0.45 Multiple Vulnerabilities
According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x prior to 6.0.45. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the getResource, getResourceAsStream, and getResourcePaths...
HTTPie - a CLI, cURL-like tool for humans
HTTPie pronounced aych-tee-tee-pie is a command line HTTP client. Its goal is to make CLI interaction with web services as human-friendly as possible. It provides a simple http command that allows for sending arbitrary HTTP requests using a simple and natural syntax, and displays colorized output...
Multiple Vendor TCP Sequence Number Approximation Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/10183/info A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. This issue affects products released by multiple vendors. Exploiting this issue may permit remote attackers to...
Multiple Vendor - TCP Sequence Number Approximation (2)
Multiple Vendor - TCP Sequence Number Approximation 2 source: https://www.securityfocus.com/bid/10183/info A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. This issue affects products released by multiple vendors. Exploiting this issue may permit...
Multiple Vendor - TCP Sequence Number Approximation (1)
Multiple Vendor - TCP Sequence Number Approximation 1 // source: https://www.securityfocus.com/bid/10183/info A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. This issue affects products released by multiple vendors. Exploiting this issue may perm...