SillyTavern 安全漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of cookie-session for authentication. The password update endpoint only updated the password...

EUVD-2026-24831

In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on binding failure When a multichannel session binding request fails e.g. wrong password, the error path unconditionally sets sess-state = SMB2SESSIONEXPIRED. However, during binding, sess points to t...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the unconditional expiration of sessions when binding fails. This could allow remote attackers to...

Linux Distros Unpatched Vulnerability : CVE-2026-31476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: do not expire session on binding failure When a multichannel session binding request fails e.g. wrong password, the error path unconditionally sets...

CVE-2026-34574

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

EUVD-2026-17502

Parse Server has a session field immutability bypass via falsy-value guard...

CVE-2026-34574 Parse Server: Session field immutability bypass via falsy-value guard

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

PT-2026-29278

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.69 and 9.7.0-alpha.14 Description An authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session update endpoint. This...

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2026-1473)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1473 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

Truesec LAPSWebUI 安全漏洞

Truesec LAPSWebUI is a web-based management interface provided by the Swedish company Truesec. Versions of Truesec LAPSWebUI prior to version 2.4 contained security vulnerabilities. These vulnerabilities were due to insufficient session expiration mechanisms, which could allow attackers to gain...

CVE-2026-3401

A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of the attack is possible. The complexity of an attack is rather high. It is indicated that the...

CVE-2025-36377

IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system...

MiracleLinux 4 : httpd24-1.1-19.AXS4, httpd24-httpd-2.4.25-9.AXS4.1, httpd24-nghttp2-1.7.1-8.AXS4 (AXSA:2019-4423:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4423:01 advisory. httpd: modsessioncookie does not respect expiry time CVE-2018-17199 httpd: modauthdigest: access control bypass due to race condition CVE-2019-0217...

HCL BigFix IVR 安全漏洞

HCL BigFix IVR is a vulnerability fixing tool from HCL India. A security vulnerability exists in HCL BigFix IVR version 4.2 that stems from insufficient session expiration of the Web UI authentication component, which could lead to unauthorized access to protected API endpoints...

CVE-2025-62329 HCL DevOps Deploy / HCL Launch is susceptible to an insufficient session expiration vulnerability

HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions...

keycloak-server: Too long and not settings compliant session

A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security...

PT-2025-43673

Name of the Vulnerable Software and Affected Versions FlashMQ versions prior to 1.23.2 Description FlashMQ, a MQTT broker/server designed for multi-CPU environments, has an issue where authenticated users can create sessions that collect Quality of Service QoS messages. These messages are not...

CVE-2024-33507

An insufficient session expiration vulnerability CWE-613 and an incorrect authorization vulnerability CWE-863 in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote unauthenticated attacker to deauthenticate logg...

EUVD-2024-31245

An insufficient session expiration vulnerability CWE-613 and an incorrect authorization vulnerability CWE-863 in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote unauthenticated attacker to deauthenticate logg...

CVE-2024-33507

An insufficient session expiration vulnerability CWE-613 and an incorrect authorization vulnerability CWE-863 in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote unauthenticated attacker to deauthenticate logg...