216 matches found
EUVD-1999-1132
Malware in sbrugna...
EUVD-2020-6400
Malware in sbrugna...
EUVD-2018-19391
Malware in sbrugna...
EUVD-2019-15216
Malware in sbrugna...
EUVD-2013-0538
Malware in sbrugna...
EUVD-2013-7119
Malware in sbrugna...
EUVD-2021-9288
Malicious code in bioql PyPI...
EUVD-2024-17363
Malicious code in bioql PyPI...
CVE-2023-41041
Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-memory cache of user sessions. Upon a cache-miss,...
CVE-2023-51772
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...
CVE-2020-14247
HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID...
CVE-2013-4958
Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation...
CVE-2019-10046
An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information...
CVE-2018-21018
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions...
CVE-2010-5067
Virtual War aka VWar 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie...
CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout
Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...
CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout
Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...
The vulnerability of the Git-based software platform for collaborative code development on GitLab EE/CE lies in the incorrect expiration time of sessions, which allows attackers to gain unauthorized access to protected information.
The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE is related to an incorrect session duration. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Linux Distros Unpatched Vulnerability : CVE-2013-7347
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the ac session...
The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to an incorrect session timeout restriction, allowing attackers to gain unauthorized access to the system.
The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to incorrect time-out restrictions on sessions. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the system using o...