32 matches found

ATTACKERKB
added 2026/04/29 7:24 p.m. | 1 views

CVE-2018-25317

Tenda W3002R/A302/W309R wireless routers version V5.07.64en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted...

CVSS 9.8 | AI score 5.3 | EPSS 0.00176
Exploits 1 | References 2 | Affected Software 1

EUVD
added 2026/04/29 7:24 p.m. | 0 views

EUVD-2018-21837

Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS...

CVSS 9.8 | AI score 5.2 | EPSS 0.00176
Exploits 1 | References 2

CNNVD
added 2026/04/29 12:0 a.m. | 2 views

Tenda W3002R Security Vulnerability

The Tenda W3002R is a wireless router produced by the Chinese company Tenda. The Tenda W3002R has a security vulnerability, which stems from a Cookie session weakness. This vulnerability allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. They ca...

CVSS 9.8 | AI score 5.8 | EPSS 0.00176
Exploits 1 | References 1

RedhatCVE
added 2026/04/03 11:1 p.m. | 4 views

CVE-2026-34828

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and...

CVSS 7.1 | AI score 5.8 | EPSS 0.00014
Exploits 2 | References 1

CNNVD
added 2026/02/18 12:0 a.m. | 4 views

Graylog Web Interface Code Issue Vulnerability

The Graylog Web Interface is a web interface provided by the American company Graylog. Version 2.2.3 of the Graylog Web Interface has a code vulnerability. This vulnerability stems from improper management of sessions after new logins, which may lead to reused old session tokens, resulting in...

CVSS 9.8 | AI score 5.9 | EPSS 0.00074
Exploits 0 | References 1

RedhatCVE
added 2026/01/27 3:23 p.m. | 2 views

CVE-2025-59102

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

CVSS 9.3 | AI score 5.9 | EPSS 0.00142
Exploits 0 | References 1

NVD
added 2026/01/26 10:16 a.m. | 5 views

CVE-2025-59102

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

CVSS 6.9 | EPSS 0.00058
Exploits 0 | References 3

Vulnrichment
added 2026/01/26 10:5 a.m. | 2 views

CVE-2025-59102 Secrets Stored in Plaintext in Database in dormakaba access manager

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

CVSS 6.9 | AI score 5.9 | EPSS 0.00058
Exploits 0 | References 3

ATTACKERKB
added 2026/01/26 10:5 a.m. | 2 views

CVE-2025-59102

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

CVSS 9.3 | AI score 5.9 | EPSS 0.00142
Exploits 0 | References 4

EUVD
added 2026/01/26 10:5 a.m. | 2 views

EUVD-2025-206369

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

CVSS 9.3 | AI score 5.9 | EPSS 0.00142
Exploits 0 | References 3

CVE
added 2026/01/26 10:5 a.m. | 8 views

CVE-2025-59102

The CVE-2025-59102 entry concerns the Access Manager web server’s backup-download functionality, which can expose the device’s entire configuration including unencrypted PINs and MIFARE keys. Connected Red Hat CVEs clarify the adjacent issues: CVE-2025-59101 allows an attacker to bypass session m...

CVSS 6.9 | AI score 5.9 | EPSS 0.00058
Exploits 0 | References 3

Cvelist
added 2026/01/26 10:5 a.m. | 23 views

CVE-2025-59102 Secrets Stored in Plaintext in Database in dormakaba access manager

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

CVSS 6.9 | EPSS 0.00058
Exploits 0 | References 3

ATTACKERKB
added 2026/01/20 3:10 p.m. | 2 views

CVE-2025-36063

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system...

CVSS 6.5 | AI score 5.3 | EPSS 0.00043
Exploits 0 | References 2 | Affected Software 1

OSV
added 2025/12/18 7:16 p.m. | 2 views

CVE-2025-65561

An issue was discovered in function LocalNode.Sess in free5GC 4.1.0 allowing attackers to cause a denial of service or other unspecified impacts via crafted header Local SEID to the PFCP Session Modification Request...

CVSS 7.5 | AI score 6.8
Exploits 0 | References 2

Cvelist
added 2025/10/24 8:13 p.m. | 22 views

CVE-2025-62717 Emlog Pro session verification code error due to clearing logic error

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...

CVSS 6.9 | EPSS 0.0007
Exploits 0 | References 2

VulnCheck KEV
added 2025/10/09 12:0 a.m. | 11 views

VulnCheck KEV: CVE-2018-11714

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of...

CVSS 10 | AI score 5.8 | EPSS 0.02961
In wild | Exploits 1 | References 58

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2004-0777

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00786
Exploits 0 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-18385

Malicious code in bioql PyPI...

CVSS 8.5 | AI score 6.3 | EPSS 0.00075
Exploits 0 | References 3

CNNVD
added 2025/08/14 12:0 a.m. | 1 views

ESPEC North America Web Controller 3 Security Vulnerability

ESPEC North America Web Controller 3 is a laboratory equipment monitoring software from ESPEC North America, Inc. A security vulnerability exists in ESPEC North America Web Controller versions prior to 3 3.3.8 that originates from user session privileges not being revoked upon logout...

CVSS 4.3 | AI score 6.7 | EPSS 0.00031
Exploits 0 | References 2

RedHat Linux
added 2025/01/02 2:52 p.m. | 5 views

requests: subsequent requests to the same host ignore cert verification

An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification...

CVSS 5.6 | AI score 7.1 | EPSS 0.00044
Exploits 0 | References 5