34 matches found

Positive Technologies
added 2026/06/13 12:00 a.m. · 8 views

PT-2026-49099

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability CWE-287 in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 administrator in response to any HTTP POST request that supplie...

CVSS 9.8 · AI score 5.6 · EPSS 0.00548
Exploits 0 · References 5

AstraLinux
added 2026/05/03 11:59 p.m. · 2 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed the session state check when reconnecting to avoid a use-after-free issue. Do not collect the exiting session in smb2reconnectserver, as it will be released soon...

AI score 5.3 · EPSS 0.00166
Exploits 0 · References 2

Vulnrichment
added 2026/03/10 5:30 p.m. · 2 views

CVE-2026-30970 Session authentication bypass in Coral Server session creation endpoint

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent sessions through the /api/v1/sessions endpoint without strong authentication. This endpoint perform...

CVSS 8.8 · AI score 5.8 · EPSS 0.00319
Exploits 0 · References 2

OSV
added 2025/12/09 1:16 a.m. · 3 views

DEBIAN-CVE-2023-53794

In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue Don't collect exiting session in smb2reconnectserver, because it will be released soon. Note that the exiting session will stay in server-smbseslist until i...

AI score 5.3 · EPSS 0.00166
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2021-1081

Malware in sbrugna...

CVSS 6.3 · AI score 6.5 · EPSS 0.0085
Exploits 1 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-16313

Malware in sbrugna...

CVSS 8.8 · AI score 8.8 · EPSS 0.02656
Exploits 1 · References 2

Positive Technologies
added 2025/08/29 12:00 a.m. · 4 views

PT-2025-35199

Name of the Vulnerable Software and Affected Versions: Gitblit affected versions not specified Description: This issue is an authentication bypass vulnerability in Gitblit, an open-source Java stack for managing Git repositories. The vulnerability involves exploiting opportunities within the MINA...

AI score 6.3
Exploits 0 · References 9

RedhatCVE
added 2025/05/23 9:48 a.m. · 18 views

CVE-2024-34354

CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is the user JWT Token is not verified on server session. You should take the patch...

CVSS 6.5 · AI score 6.5 · EPSS 0.00292
Exploits 0 · References 1

NVD
added 2025/05/09 9:15 p.m. · 21 views

CVE-2025-47269

code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can result in proxying to a...

CVSS 8.3 · EPSS 0.34266
Exploits 0 · References 3

Vulnrichment
added 2025/05/09 8:59 p.m. · 10 views

CVE-2025-47269 code-server session cookie can be extracted by having user visit specially crafted proxy URL

code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can result in proxying to a...

CVSS 8.3 · AI score 8.2 · EPSS 0.34266
Exploits 0 · References 3

Positive Technologies
added 2025/05/09 12:00 a.m. · 2 views

PT-2025-20599 · Unknown · Code-Server

Name of the Vulnerable Software and Affected Versions: code-server versions prior to 4.99.4 Description: The issue allows an attacker to gain access to the session token through a maliciously crafted URL using the proxy subpath. This can result in the attacker proxying to an arbitrary domain,...

CVSS 8.3 · AI score 6.6 · EPSS 0.34266
Exploits 0 · References 17

CVE
added 2025/01/27 5:59 a.m. · 58 views

CVE-2025-24390

The CVE-2025-24390 issue affects OTRS Application Server and reverse proxy configurations, enabling session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. Affected: OTRS 7.0.X, 8.0.X, 2023.X, 2024.X. Root cause: incomplete cookie security attributes in HTTPS ...

CVSS 6.8 · AI score 6.6 · EPSS 0.00187
Exploits 0 · References 1

Veracode
added 2024/11/06 12:46 p.m. · 9 views

Improper Session Termination

umbraco.cms is vulnerable to Improper Session Termination. The vulnerability is due to the server session not being fully terminated during an explicit sign-out, which could allow unauthorized access...

CVSS 4.2 · AI score 6.7 · EPSS 0.00247
Exploits 0 · References 3 · Affected software 1

OSV
added 2024/10/22 6:13 p.m. · 13 views

GHSA-WXW9-6PV9-C3XC Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out

Impact During an explicit sign-out, the server session is not fully terminated...

CVSS 4.2 · AI score 4.4 · EPSS 0.00247
Exploits 0 · References 3

OSV
added 2024/10/22 5:55 p.m. · 10 views

GHSA-FP6Q-GCCW-7QQM Umbraco CMS logout page displayed before session expiration

Impact The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are...

CVSS 4.2 · AI score 4.3 · EPSS 0.00245
Exploits 0 · References 3

CVE
added 2024/10/22 3:47 p.m. · 46 views

CVE-2024-48926

CVE-2024-48926 affects Umbraco CMS. The issue is an insufficient session expiration in the Backoffice where the logout page shows a timeout message ~30 seconds before the server session expires. Affected versions: 13.x prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. Patches are p...

CVSS 4.2 · AI score 4.3 · EPSS 0.00245
Exploits 0 · References 1 · Affected software 1

CVE
added 2024/06/20 4:30 p.m. · 53 views

CVE-2024-37343

CVE-2024-37343 describes a cross-site scripting vulnerability in the Absolute Secure Access administrative console (prior to version 13.06). Attackers with valid tunnel credentials can pass a limited-length script to the console, which is temporarily stored and could be triggered when an administ...

CVSS 5.4 · AI score 4.9 · EPSS 0.0022
Exploits 0 · References 1 · Affected software 1

CNNVD
added 2024/05/14 12:00 a.m. · 4 views

SaaS Starter data forgery vulnerability

SaaS Starter is an open source, fast and freely hosted SaaS template/sample from Critical Moments Open Source. A data forgery issue vulnerability exists in SaaS Starter that stems from a user JWT token not being validated on the server session...

CVSS 6.5 · AI score 6.8 · EPSS 0.00292
Exploits 0 · References 5

CVE
added 2024/05/09 2:51 p.m. · 53 views

CVE-2024-34354

CMSaaSStarter JWT token not verified on server session affects forks prior to commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6. Affected software: CMSaaSStarter templates, built with SvelteKit/Tailwind/Supabase. Root cause: user JWT token not validated on the server session. Remediation: apply pat...

CVSS 6.5 · AI score 6.7 · EPSS 0.00292
Exploits 0 · References 3

Cvelist
added 2024/05/09 2:51 p.m. · 20 views

CVE-2024-34354 CMSaasStarter: JWT Token Not Verified on Server Session

CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is the user JWT Token is not verified on server session. You should take the patch...

CVSS 6.5 · AI score 6.6 · EPSS 0.00292
Exploits 0 · References 3