EUVD-2012-6003
Malware in sbrugna...
EUVD-2016-7970
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2012-5868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover...
PT-2025-25315
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns the session cookie @@ with its HttpOnly flag set to false. This setting increases the risk of Cross-Site Scripting attacks targeting stored cookies, as it allows client-side...
CVE-2024-21583
Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/aut...
CVE-2023-47628
DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a...
CVE-2022-36080
Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, an attacker could capture user's session cookies or execute malicious Javascript when a victim edits a markdown file. Version 1.7.1 fixes this issue...
CVE-2025-46344
Summary of affected component: Auth0 Next.js SDK (nextjs-auth0), version range 4.0.1 through 4.5.0. Root cause: When generating a JWE token for the session, the code does not invoke .setExpirationTime, so the JWE lacks an internal expiration claim; session cookies may expire, but the JWE remains ...
CVE-2024-49705
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Service (DoS) attacks. An attacker might trick a user into using a URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error...
CVE-2024-49705 XSS in iKSORIS
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Service (DoS) attacks. An attacker might trick a user into using a URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error...
CVE-2024-49705
Technical details are not publicly provided in the supplied documents. Monitor for updates.
CVE-2024-7053
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...
PT-2023-21215 · Unknown · Dg3450 Cable Gateway
Name of the Vulnerable Software and Affected Versions: DG3450 Cable Gateway version AR01.02.056.18 041520 711.NCS.10 Description: An issue was discovered in the log file download functionality of the troubleshooting logs download.php file, which does not check the session cookie. This allows an...
CVE-2023-25562 Failure to Invalidate Session on Logout in DataHub
DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 Session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the AuthUtils.hasValidSessionCookie method could be bypassed by using a cookie from a logged out...
CVE-2021-30118
An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute ASP commands. The API /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leadin...
USN-4994-2 apache2 vulnerabilities
USN-4994-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Antonio Morales discovered that the Apache mod_auth_digest module incorrectly handled certain Digest nonces. A remote attacker coul...
Important: Red Hat Security Advisory: katello security update
Updated katello packages that fix one security issue are now available for Red Hat CloudForms. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...