26 matches found
EUVD-2020-15931
Malware in sbrugna...
EUVD-2024-35179
Malicious code in bioql PyPI...
EUVD-2022-33676
Malicious code in bioql PyPI...
File Browser’s insecure JWT handling can lead to session replay attacks after logout
Summary: File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. Please refer to the CWEs listed in this report for further reference and system standards. In summary, the main issue is: - Tokens remain valid after logout session replay...
CVE-2022-29334
An issue in H v1.0 allows attackers to bypass authentication via a session replay attack...
CVE-2020-23178
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user...
WakaTime: Session Replay Attack Allows Authentication Bypass via Captured Login Responses Allowing Bypass of 429 Too many attempts for Multiple Failed Logins
Summary: An attacker can bypass authentication by capturing a valid login response including session cookies/tokens and replaying it during a failed login attempt with incorrect credentials. The server fails to invalidate or validate session tokens properly, allowing unauthorized access even after...
CVE-2025-1968
Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks). This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231,...
CVE-2025-1968
Summary: CVE-2025-1968 is an Insufficient Session Expiration vulnerability in Progress Sitefinity. Under specific and uncommon conditions, it allows reusing Session IDs (Session Replay Attacks). Affected versions are Sitefinity 14.0–14.3, 14.4 before 14.4.8145, 15.0 before 15.0.8231, 15.1 before ...
CVE-2024-35048
An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password...
CVE-2024-35048
CVE-2024-35048 affects SurveyKing v1.3.1, enabling a session replay attack after password changes. The CVSSv3.1 base score is 4.3 (Medium): Network vector, low privileges, no user interaction, with integrity impact Low. Exploitation status and concrete root cause are not detailed in the provided ...
Session Replay Attack
libosdp is vulnerable to a Session Replay Attack. The vulnerability is due to the lack of validation for RMACI messages in response to osdpSCRYPT, and the allowance of SCS14 on encrypted connections. Attackers with man-in-the-middle access can intercept RMACI replies during a session and replay...
CVE-2022-29334
CVE-2022-29334 describes an authentication bypass in the H v1.0 platform via a session replay attack. The affected component is the H authentication/session handling (H v1.0). The publicly documented impact is bypass of authentication through replayed sessions, with high-severity implications ind...
Unspecified Vulnerability in PHP-Fusion
PHP-Fusion is an open source lightweight content management system based on MySQL and PHP, from the Malaysian company PHP-Fusion. The system contains modules such as news, articles and forums. PHP-Fusion suffers from a security vulnerability that stems from a session cookie not being deleted when a user lo...