23 matches found

CVE
added 2026/01/27 3:23 p.m. · 9 views

CVE-2020-36948

CVE-2020-36948 concerns VestaCP 0.9.8-26, where the LoginAs module contains a session token vulnerability due to insufficient token validation. This allows remote attackers to manipulate authentication tokens, enabling access to user accounts and performing unauthorized login requests without pr...

CVSS 9.8 · AI score 5.9 · EPSS 0.00371
Exploits 0 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2018-11402

Malware in sbrugna...

CVSS 5.3 · AI score 5.5 · EPSS 0.01752
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-4160

Malware in sbrugna...

CVSS 8.8 · AI score 8.6 · EPSS 0.00053
Exploits 1 · References 2
EUVD
added 2025/10/03 8:07 p.m. · 1 views

EUVD-2023-32091

Malicious code in bioql PyPI...

CVSS 8.3 · AI score 7.5 · EPSS 0.00278
Exploits 1 · References 1
EUVD
added 2025/10/03 8:07 p.m. · 1 views

EUVD-2024-2197

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 7.9 · EPSS 0.00796
Exploits 1 · References 4
EUVD
added 2025/10/03 8:07 p.m. · 0 views

EUVD-2024-23279

Malicious code in bioql PyPI...

CVSS 7.3 · AI score 6.5 · EPSS 0.00223
Exploits 1 · References 3
EUVD
added 2025/10/03 8:07 p.m. · 0 views

EUVD-2022-29895

Malicious code in bioql PyPI...

CVSS 9.9 · AI score 8.8 · EPSS 0.00449
Exploits 0 · References 2
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-5629

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00633
Exploits 0 · References 5
CVE
added 2025/06/02 12:00 a.m. · 53 views

CVE-2025-27955

The CVE-2025-27955 entry concerns Carestream Health’s Clinical Collaboration Platform v12.2.1.5. A weak logout system leaves the session token valid after logout, enabling a remote attacker to access sensitive information and potentially execute arbitrary code. Affected software: Clinical Collabo...

CVSS 6.5 · AI score 7 · EPSS 0.00634
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/06/02 12:00 a.m. · 6 views

CVE-2025-27955

Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code...

EPSS 0.00634
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 4:45 a.m. · 3 views

CVE-2023-22591

IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens not being invalidated after a password reset. IBM X-Force ID: 243710...

CVSS 3.9 · AI score 6.4 · EPSS 0.0006
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 3:36 a.m. · 5 views

CVE-2023-28395

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product...

CVSS 8.3 · AI score 7.1 · EPSS 0.00278
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 4:16 p.m. · 5 views

CVE-2020-13416

An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets...

CVSS 6.5 · AI score 7.2 · EPSS 0.0019
Exploits 0
Github Security Blog
added 2025/03/26 6:30 p.m. · 21 views

Suspended Directus user can continue to use session token to access API

Summary: Since the user status is not checked when verifying a session token, a suspended user can use the token generated in session auth mode to access the API despite their status. Details: There is a check missing in verifySessionJWT to verify that a user is actually still active and allowed to...

CVSS 4.3 · AI score 7.1 · EPSS 0.00397
Exploits 1 · References 4 · Affected Software 3
Vulnrichment
added 2025/03/26 5:13 p.m. · 7 views

CVE-2025-30351 Suspended Directus user can continue to use session token to access API

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This happens because there is a check missing in...

CVSS 3.5 · AI score 7.7 · EPSS 0.00397
Exploits 1 · References 2
Vulnrichment
added 2025/02/11 10:28 a.m. · 5 views

CVE-2024-45386

A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES...

CVSS 8.8 · AI score 8.8 · EPSS 0.00246
Exploits 0 · References 1
CVE
added 2025/01/04 12:00 a.m. · 68 views

CVE-2025-22387

Optimizely Configured Commerce before version 5.2.2408 is affected. A medium-severity issue exists in how session tokens are submitted via URL parameters, exposing authenticated session information and enabling potential session hijacking. Root cause: session token disclosure in URL requests. Aff...

CVSS 7.5 · AI score 6.1 · EPSS 0.00383
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/03/28 7:59 p.m. · 9 views

CVE-2023-28395

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product...

CVSS 8.3 · AI score 7.1 · EPSS 0.00278
Exploits 1 · References 1
Positive Technologies
added 2023/03/23 12:00 a.m. · 1 views

PT-2023-7476 · Unknown · Osprey Pump Controller

Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01. Description: The issue is related to a weak session token generation algorithm that can be predicted, potentially allowing an attacker to hijack a session by predicting the session id and gain unauthorized...

CVSS 9.7 · AI score 7.5 · EPSS 0.00278
Exploits 1 · References 5
OSV
added 2022/05/24 7:11 p.m. · 18 views

GHSA-JX66-5WW9-M6Q4 Cross-Site Request Forgery in OWASP CSRFGuard

In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token...

CVSS 8.8 · AI score 8.7 · EPSS 0.00141
Exploits 0 · References 4