CVE-2026-4829

Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, via reuse of a session code from an external authentication flow...

EUVD-2026-17921

Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, via reuse of a session code from an external authentication flow...

CVE-2026-4829

Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, via reuse of a session code from an external authentication flow...

CVE-2026-4829

The CVE-2026-4829 issue affects Devolutions Server (versions up to 2026.1.11). The flaw lies in the external OAuth authentication flow where improper authentication enables an authenticated user to impersonate other users, including administrators, by reusing a session code from an external authe...

CVE-2026-4829

Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, via reuse of a session code from an external authentication flow...

CVE-2026-4829

Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, via reuse of a session code from an external authentication flow...

PT-2026-29537

Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, via reuse of a session code from an external authentication flow...

PT-2025-43672

Name of the Vulnerable Software and Affected Versions Emlog versions prior to the commit 1f726df Emlog Pro version 2.5.23 Description Emlog Pro version 2.5.23 contains a flaw related to session verification codes. A clearing logic error allows the reuse of email verification codes in any context...

EUVD-2023-0931

Malicious code in bioql PyPI...

CVE-2023-27490

NextAuth.js is an open source authentication solution for Next.js applications. next-auth applications using OAuth provider versions before v4.20.1 have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social...

CVE-2023-27490 Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth

NextAuth.js is an open source authentication solution for Next.js applications. next-auth applications using OAuth provider versions before v4.20.1 have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social...

Code injection

WiseConnect - ScreenConnect Session Code Bypass. An attacker would have to use a proxy to monitor the traffic, and perform a brute force on the session code in order to get in. Sensitive data about the company , get in a session...

CVE-2022-36781

CVE-2022-36781 affects ConnectWise ScreenConnect versions 22.6 and below. The root cause is inadequate rate-limiting on custom access tokens in the default configuration, enabling potential brute-force attempts to gain unauthorized access to session code protections. Multiple connected sources co...

About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

CVE-2018-18925

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron...

CVE-2018-18925

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron...

CVE-2018-18925

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron...

CVE-2018-18926

Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron...

PT-2018-14726 · Go · Gitea

Name of the Vulnerable Software and Affected Versions: Gitea versions prior to 1.5.4 Description: The issue allows remote code execution due to improper validation of session IDs, specifically related to session ID handling in the go-macaron/session code for Macaron. Recommendations: For versions...

Iwebsns最新版SQL注入第一枚

简要描述： Iwebsns最新版SQL注入第一枚 详细说明： 在wooyun上看到雨牛提了5个iwebsns的漏洞了（ WooYun: Iwebsns sql 第五枚。 ），我来捡捡漏儿吧，已对比，不重复，下载Iwebsns最新的1.1.0来看看。 为了使审核的大大们容易确认是否有重复，我先把存在漏洞的文件和注入参数分别写在这里：/action/album/photouplflash.action.php sesscode 下面看看漏洞是怎么产生的/action/album/photouplflash.action.php 无关代码 //变量定义区...