11 matches found
MiracleLinux 9 : java-11-openjdk-11.0.19.0.7-1.el9 (AXSA:2023-5305:07)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5305:07 advisory. OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930); OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939); OpenJDK:...
CVE-2020-17526
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious Airflow user who logs in normally on Site A to gain unauthorized access to the Airflow Webserver on Site B through the session from Site A. This does not affect users who have...
EUVD-2019-2654
Malware in sbrugna...
EUVD-2019-2810
Malware in sbrugna...
EUVD-2022-27517
Malicious code in bioql PyPI...
CVE-2025-50489
CVE-2025-50489 affects the PHPGurukul Student Result Management System v2.0, specifically the /srms/change-password.php component. The issue is improper session invalidation, which enables session hijacking attacks. The CVSS details indicate network access with low attack complexity and no privil...
CVE-2025-53938 WeGIA vulnerable to Authentication Bypass due to Missing Session Validation in multiple endpoints
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the /dao/verificarrecursoscargo.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows unauthenticated...
CVE-2020-9034
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users...
CVE-2025-22216 UAA Missing Zone Validation
A UAA configured with multiple identity zones does not properly validate session information across those zones. A user authenticated against a corporate IDP can re-use their jsessionid to access other zones...
PT-2018-14726 · Go · Gitea
Name of the Vulnerable Software and Affected Versions: Gitea versions prior to 1.5.4. Description: The issue allows remote code execution due to improper validation of session IDs, specifically related to session ID handling in the go-macaron/session code for Macaron. Recommendations: For versions...
[FULL DISCLOSURE] ASPDOTNETSTOREFRONT Improper Session Validation
ASPDOTNETSTOREFRONT Improper Session Validation. Release Date: June 9, 2004. Severity: HIGH. Vendor: AspDotNetStorefront.com, A Division of Discovery Productions, Inc. Software: Tested on AspDotNetStorefront 3.3. Previous versions may also be affected. Remote: Remotely executed from any web browser...