17 matches found
CVE-2026-42851
A flaw was found in Kitty, a cross-platform GPU-based terminal. A local attacker, or a remote attacker who can control output displayed in the terminal, could exploit this vulnerability. By sending specially crafted input to the terminal, the attacker can cause Kitty to execute arbitrary Python...
GHSA-66HX-CHF7-3332 pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass)
Summary: pyLoad caches role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database. As a result, an already logged-in user can keep old revoked privileges until logout/session...
EUVD-2006-5318
Malware in sbrugna...
EUVD-2017-16713
Malware in sbrugna...
CVE-2025-27847
In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout...
CVE-2025-27847
In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout...
Security Updates for Exchange (May 2021)
The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions...
CVE-2018-19718
Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposure of the privileges granted to a session...
Oracle Database Server has a remote vulnerability (CNVD-2015-02522)
Oracle Database is a large commercial database. A remote vulnerability exists in Oracle Database Server that allows an attacker to gain 'Create Session' privileges using the 'Oracle Net' protocol...
Oracle Database Server Remote Vulnerability (CNVD-2015-00473)
Oracle Database is a large commercial database. A remote vulnerability exists in Oracle Database Server that allows an attacker to gain 'Create Session' privileges using the 'Oracle Net' protocol...
Oracle Database Server Remote Vulnerability (CNVD-2015-00470)
Oracle Database is a large commercial database. A remote vulnerability exists in Oracle Database Server that allows an attacker to gain 'Create Session, Create Table' privileges using the 'Oracle Net' protocol...
Oracle Database Server Remote Vulnerability (CNVD-2015-00487)
Oracle Database is a large commercial database. A remote vulnerability exists in Oracle Database Server that allows an attacker to gain 'Create Session' privileges using the 'Oracle Net' protocol...
Oracle Database Server Remote Vulnerability (CNVD-2015-00472)
Oracle Database is a large commercial database. A remote vulnerability exists in Oracle Database Server that allows an attacker to gain 'Create Session' privileges using the 'Oracle Net' protocol...
rubygem-rack: Timing attack in cookie sessions
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...
CVE-2012-3220
Unspecified vulnerability in the Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users with Create Session privileges to affect confidentiality, integrity, and availability via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users with Create Session privileges to affect confidentiality, integrity, and availability via unknown vectors...
Oracle Database Server REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection (CVE-2009-1021)
Oracle Database Server is an enterprise-level relational database application suite. An SQL injection vulnerability has been reported in Oracle Database server. Remote authenticated attackers having Create Session privileges can exploit this vulnerability to inject and execute malicious SQL...