EUVD-2024-32933

Malicious code in bioql PyPI...

EUVD-2023-24221

Malicious code in bioql PyPI...

EUVD-2025-20194

Malicious code in bioql PyPI...

CVE-2025-7115

A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/fileId/route.ts of the component Session Handler. The manipulation of the argument...

CVE-2025-7114

A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument...

CVE-2025-7115

A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/fileId/route.ts of the component Session Handler. The manipulation of the argument...

CVE-2025-7114

A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument...

CVE-2025-7115

The CVE-2025-7115 entry concerns rowboatlabs rowboat, specifically the Session Handler component. The vulnerable element is the function PUT in file apps/rowboat/app/api/uploads/[fileId]/route.ts, where manipulation of the params argument leads to missing authentication, enabling remote exploitat...

CVE-2025-7114 SimStudioAI sim Session route.ts POST missing authentication

A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument...

CVE-2025-7114

CVE-2025-7114 targets SimStudioAI sim up to commit 37786d371e17d35e0764e1b5cd519d873d90d97b. The flaw resides in the POST handler for apps/sim/app/api/files/upload/route.ts (Session Handler), where the Request can be manipulated without authentication, enabling remote, unauthenticated access. Mul...

PT-2025-28133 · Rowboatlabs · Rowboat

Name of the Vulnerable Software and Affected Versions: rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97 Description: A critical issue has been found, affecting the function PUT of the file apps/rowboat/app/api/uploads/fileId/route.ts in the Session Handler component. The...

PT-2025-28131

Name of the Vulnerable Software and Affected Versions: SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b Description: A critical issue was found in the Session Handler component, specifically affecting the POST function of the file apps/sim/app/api/files/upload/route.ts. The...

The vulnerability of the TYPO3 content management system’s session handler allows attackers to circumvent existing security restrictions.

The vulnerability of the TYPO3 content management system’s session handler involves exploiting an alternative authentication process or channel. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions remotely...

CVE-2024-10141

A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...

CVE-2024-20513

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to...

CVE-2024-4596

A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity ...

CVE-2022-46170

CodeIgniter is a PHP full-stack web framework. When an application uses 1 multiple session cookies e.g., one for user pages and one for admin pages and 2 a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie e.g., one for user...

FreeBSD : kanboard -- Insufficient session invalidation (94b2d58a-c1e9-11ef-aa3f-dcfe074bd614)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 94b2d58a-c1e9-11ef-aa3f-dcfe074bd614 advisory. [email protected] reports: Kanboard is project management software that focuses on the...

CVE-2024-55603 Insufficient session invalidation in Kanboard

Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom session handler app/Core/Session/SessionHandler.php, to store the session data in a database...

CVE-2024-55603

CVE-2024-55603 affects Kanboard. Affected versions allow sessions to remain valid after expiry because the custom session handler queries the sessions table without properly validating the expires_at lifetime, enabling a login for expired sessions. The SessionHandlerInterface::gc cleanup runs onl...