26 matches found
CVE-2026-42300
DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SessionMiddleware process when the X-Admin-Token HTTP header is accepted from the client and its raw value is used as the authenticated user ID if no Kratos session cookie ...
CVE-2025-66630
Fiber is a Go web framework. Before 2.52.11 and on Go
CVE-2025-66630
Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...
CVE-2013-10031 Plack::Middleware::Session versions before 0.17 for Perl may be vulnerable to HMAC comparison timing attacks
Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks...
EUVD-2015-0011
Malware in sbrugna...
EUVD-2024-2308
Malicious code in bioql PyPI...
Mist security vulnerability
Mist is an open source multi-cloud management platform from Mist, Inc. in the United States. A security vulnerability exists in Mist 4.7.1 and earlier versions, which originates from a cross-site request forgery in the function sessionstartresponse in the file src/mist/api/auth/middleware.py...
Rack session gets restored after deletion
Summary When using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Details Rack session middleware prepares the session at the beginning of request, then saves it back to the store wit...
GHSA-VPFW-47H7-XJ4G Rack session gets restored after deletion
Summary When using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Details Rack session middleware prepares the session at the beginning of request, then saves it back to the store wit...
CVE-2025-32441
Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the...
CVE-2025-32441
CVE-2025-32441 affects the Rack Ruby web server interface. Before 2.2.14, when using the Rack::Session::Pool middleware, concurrent requests can cause a deleted session to be restored, enabling an unauthenticated user to reuse that session. The exploitation scenario requires an attacker to obtain...
GO-2024-2959 Session Middleware Token Injection Vulnerability in github.com/gofiber/fiber
Session Middleware Token Injection Vulnerability in github.com/gofiber/fiber...
Session Middleware Token Injection Vulnerability
A security vulnerability has been identified in the Fiber session middleware where a user can supply their own sessionid value, leading to the creation of a session with that key. Impact The identified vulnerability is a session middleware issue in GoFiber versions 2 and above. This vulnerability...
GHSA-98J2-3J3P-FW2V Session Middleware Token Injection Vulnerability
A security vulnerability has been identified in the Fiber session middleware where a user can supply their own sessionid value, leading to the creation of a session with that key. Impact The identified vulnerability is a session middleware issue in GoFiber versions 2 and above. This vulnerability...
CVE-2024-38513 Fiber Session Middleware Token Injection Vulnerability
Fiber is an Express-inspired web framework written in Go. A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own sessionid value, resulting in the creation of a session with that key. If...
CVE-2024-38513
The CVE-2024-38513 issue affects the GoFiber (Fiber) session middleware in GoFiber versions prior to 2.52.5. The vulnerability allows a user to supply their own session_id value, which can cause a session to be created with that key. This can enable unauthorized access or session fixation if an a...