64 matches found
EUVD-2008-3160
Malware in sbrugna...
EUVD-2014-8476
Malware in sbrugna...
EUVD-2008-3162
Malware in sbrugna...
EUVD-2018-6305
Malware in sbrugna...
EUVD-2019-0787
Malware in sbrugna...
EUVD-2022-1745
Malicious code in bioql PyPI...
EUVD-2022-0888
Malicious code in bioql PyPI...
CVE-2024-7053
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...
GHSA-43G4-487M-5Q6M Open WebUI Vulnerable to a Session Fixation Attack
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...
Open WebUI Vulnerable to a Session Fixation Attack
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...
CVE-2024-7053
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...
CVE-2024-7053
CVE-2024-7053 affects open-webui/open-webui version 0.3.8. A session-fixation vulnerability allows a user-level attacker to cause the administrator’s session cookie to be exfiltrated via a cross-origin request triggered by a malicious markdown image in chat. The cookies use SameSite=Lax and lack ...
CVE-2024-7053 Session Fixation in open-webui/open-webui
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...
PT-2025-12183 · Unknown · Open-Webui
Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version 0.3.8 Description: A vulnerability allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the...
F5 Networks BIG-IP : Apache Tomcat vulnerability (K24551552)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.1. It is, therefore, affected by a vulnerability as referenced in the K24551552 advisory. When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was ...
Oracle Linux 7 : tomcat (ELSA-2020-4004)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4004 advisory. - Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS - Resolves: CVE-2020-9484 tomca...
CVE-2023-22479
CVE-2023-22479 affects KubePi (Kubernetes panel). Versions 1.6.3 and earlier are vulnerable to session fixation, which can allow an attacker to hijack a legitimate user session. The root cause involves how session IDs are handled. The advisory notes a patch is available in version 1....
Security Bulletin: Multiple IBM MQ vulnerabilities affect IBM Sterling Global Mailbox
Summary: IBM MQ is shipped with IBM Sterling Global Mailbox. Multiple vulnerabilities impact IBM MQ. Remediation is available for the issues. Vulnerability Details: CVEID: CVE-2019-4227 DESCRIPTION: IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners...
Mageia: Security Advisory (MGASA-2020-0054)
The remote host is missing an update for the...
NewStart CGSL CORE 5.05 / MAIN 5.05 : tomcat Multiple Vulnerabilities (NS-SA-2021-0144)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has tomcat packages installed that are affected by multiple vulnerabilities: - When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacke...