7 matches found
CVE-2026-56877
The SCORM lab launch endpoint in Skillable scorm.skillable.com through 2026-07-13 does not validate the client-supplied userId parameter against the authenticated SCORM session token. An authenticated user can substitute arbitrary userId values to bypass per-user lab launch rate limits and consum...
EUVD-2022-35023
Malicious code in bioql PyPI...
EUVD-2022-29772
Malicious code in bioql PyPI...
CVE-2022-2782
In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters...
CVE-2022-25027
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked...
CVE-2020-15270
Parse Server npm package parse-server broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not...
Octopus Server 代码问题漏洞
Octopus Server is an automated deployment platform. Octopus Server has a security vulnerability that stems from improper validation of its session token parameter resulting in a session token that may be valid indefinitely...