Lucene search
+L

30 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-61500

Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's...

9.8CVSS0.00747EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.4 views

CVE-2025-64998

Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...

7.3CVSS5.8AI score0.00334EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 12:30 p.m.4 views

EUVD-2025-208958

Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...

7.3CVSS5.8AI score0.00334EPSS
Exploits0References2
NVD
NVD
added 2026/03/24 12:16 p.m.6 views

CVE-2025-64998

Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...

7.3CVSS0.00334EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/24 12:16 p.m.6 views

CVE-2025-64998

Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...

7.3CVSS5.8AI score0.00334EPSS
Exploits0References2
OSV
OSV
added 2026/03/24 12:16 p.m.17 views

UBUNTU-CVE-2025-64998

Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...

7.3CVSS5.7AI score0.00334EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/24 11:25 a.m.4 views

CVE-2025-64998

Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...

7.3CVSS5.8AI score0.00334EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/24 11:25 a.m.26 views

CVE-2025-64998 Session hijacking via exposed session signing secret in distributed Checkmk setups

Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...

7.3CVSS0.00334EPSS
Exploits0References1
CVE
CVE
added 2026/03/24 11:25 a.m.20 views

CVE-2025-64998

CVE-2025-64998 affects Checkmk versions prior to 2.4.0p23, 2.3.0p45, and 2.2.0. The issue is the exposure of the session signing secret in distributed Checkmk deployments with config sync enabled, enabling an administrator on a remote site to forge session cookies and hijack sessions on the centr...

7.3CVSS5.8AI score0.00334EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/24 11:25 a.m.4 views

CVE-2025-64998 Session hijacking via exposed session signing secret in distributed Checkmk setups

Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...

7.3CVSS5.9AI score0.00334EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.10 views

PT-2026-27382

Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...

7.3CVSS5.8AI score0.00334EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.7 views

Checkmk 安全漏洞

Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.4.0p23, 2.3.0p45, and 2.2.0 contain security vulnerabilities. These vulnerabilities stem from the exposure of session signing keys, which could allow remote site administrators to forge session...

7.3CVSS5.8AI score0.00334EPSS
Exploits0References1
OSV
OSV
added 2025/05/26 4:34 p.m.5 views

USN-7534-1 flask vulnerability

It was discovered that Flask incorrectly handled key rotation. An attacker could possibly use this issue to sign sessions with stale keys...

1.8CVSS6.7AI score0.0016EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2025/05/26 4:34 p.m.4 views

USN-7534-1: Flask vulnerability

It was discovered that Flask incorrectly handled key rotation. An attacker could possibly use this issue to sign sessions with stale keys...

1.8CVSS6.5AI score0.0016EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/05/26 12:0 a.m.7 views

Ubuntu 25.04 : Flask vulnerability (USN-7534-1)

The remote Ubuntu 25.04 host has a package installed that is affected by a vulnerability as referenced in the USN-7534-1 advisory. It was discovered that Flask incorrectly handled key rotation. An attacker could possibly use this issue to sign sessions with stale keys. Tenable has extracted the...

1.8CVSS6.5AI score0.0016EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/05/15 9:16 a.m.5 views

SUSE CVE-2025-47278

Flask is a web server gateway interface WSGI web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...

1.9CVSS6.8AI score0.0016EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/14 3:6 p.m.8 views

CVE-2025-47278

A flaw was found in Flask. This vulnerability allows sessions to be signed with stale keys via incorrect fallback key configuration...

2.3CVSS6.6AI score0.0016EPSS
Exploits0References6
Snyk
Snyk
added 2025/05/13 8:25 p.m.6 views

Function Call With Incorrect Order of Arguments

Overview Affected versions of this package are vulnerable to Function Call With Incorrect Order of Arguments due to the incorrect handling of the SECRETKEYFALLBACKS configuration. An attacker can exploit this to sign sessions with stale keys, potentially impeding the transition to fresher keys...

2.3CVSS6.9AI score0.0016EPSS
Exploits0References2
OSV
OSV
added 2025/05/13 8:25 p.m.6 views

GHSA-4GRG-W6V8-C28G Flask uses fallback key instead of current signing key

In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can be passed, and it expects the last top key in the list to be the most...

1.8CVSS7.1AI score0.0016EPSS
Exploits0References5
OSV
OSV
added 2025/05/13 4:15 p.m.9 views

AZL-77831 CVE-2025-47278 affecting package python-flask 1.1.1-4

Flask is a web server gateway interface WSGI web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...

1.8CVSS7.1AI score0.0016EPSS
Exploits0References1
Rows per page
Query Builder