
13 matches found

CVE
added 5 days ago, 10 views

CVE-2026-47339

CVE-2026-47339 affects Apache APISIX (authz-casdoor plugin). Under default configuration, it allows an attacker to authenticate using credentials from a different source, indicating an incorrect authorization vulnerability across versions 2.14.1 through 3.16.0. The risk is described as high (per ...

CVSS 8.1, AI score 5.9, EPSS 0.00236
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 5 days ago, 29 views

CVE-2026-47339 Apache APISIX: authz-casdoor incorrect session sharing

Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrad...

CVSS 5.3, EPSS 0.00236
Exploits: 0, References: 1
RedhatCVE
added 2026/03/07 7:31 p.m., 3 views

CVE-2026-27764

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

CVSS 7.3, AI score 5.8, EPSS 0.00295
Exploits: 0, References: 1
Citrix
added 2024/07/13 12:00 a.m., 19 views

Session Sharing Explained with Troubleshooting Steps

This article explains session sharing and discusses some common scenarios. Session sharing is the ability of a seamless published application to be executed over the same connection as other seamless applications that are already running on the same server, under an existing Session ID of a user...

AI score 6.7
Exploits: 0
Prion
added 2024/01/12 3:15 p.m., 16 views

Default credentials

The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute commands in the context of the authenticated...

CVSS 7.5, AI score 6.5, EPSS 0.00716
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2024/01/12 2:23 p.m., 33 views

CVE-2023-49255 Router console accessible without authentication

The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute commands in the context of the authenticated...

AI score 7.3, EPSS 0.00716
Exploits: 0, References: 2
Cvelist
added 2023/12/19 9:13 p.m., 33 views

CVE-2023-42940

A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content...

AI score 5, EPSS 0.00707
Exploits: 0, References: 2
Cvelist
added 2022/03/09 10:25 p.m., 47 views

CVE-2022-24745 Guest session is shared between customers in shopware

Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...

CVSS 4.8, AI score 6.6, EPSS 0.00511
Exploits: 0, References: 1
CNNVD
added 2022/03/09 12:00 a.m., 2 views

Shopware authorization issue vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. Shopware is vulnerable to an access control error that stems from not properly setting sensitive HTTP headers to non-cacheable, which could be exploited by an attacker to enable HTTP caching and then have...

CVSS 6.5, AI score 5.7, EPSS 0.00511
Exploits: 0, References: 2
myhack58
added 2017/08/02 12:00 a.m., 45 views

See how I bypassed the Uber Single Sign-On authentication mechanism through subdomain takeover - vulnerability warning - the black bar safety net

Uber's website saostatic.uber.com, which uses the Amazon CloudFront CDN architecture, has a subdomain security vulnerability that lets an attacker take it over. In addition, Uber recently deployed the site auth.uber.com, which relies on cookie sharing across all Uber subdomains to achieve authentication of...

Exploits: 0
n0where
added 2017/05/23 6:15 a.m., 12 views

Meterpreter Session Proxy: Metasploit Aggregator

The Metasploit Aggregator is a proxy for Meterpreter sessions. Normally, Meterpreter sessions connect directly to a Metasploit listener. However, this has a few problems: 1. Multiple users cannot easily share the session once it is established, without some sort of...

AI score 0.3
Exploits: 0, References: 1
Tenable Nessus
added 2014/11/12 12:00 a.m., 33 views

RHEL 7 : kdenetwork (RHSA-2014:1827)

Updated kdenetwork packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...

CVSS 6.5, AI score 8.4, EPSS 0.0783
Exploits: 0, References: 8
Japan Vulnerability Notes
added 2008/05/20 3:00 p.m., 2 views

Kahua vulnerable in allowing to share login sessions

Overview: Kahua is an open source application development and runtime environment server. Kahua contains a vulnerability which allows the sharing of sessions among multiple applications which are referring to different user databases. Impact: A remote attacker could possibly take over the user...

CVSS 7.5, AI score 6.9, EPSS 0.0166
Exploits: 0, References: 7