235 matches found
CVE-2024-25051
IBM Jazz Reporting Service (versions 7.0.2–7.0.3) does not invalidate the user session on logout, allowing an authenticated privileged user to impersonate another user. Root cause: insufficient session expiration/invalidation after logout. Impact: potential privilege escalation and unauthorized ...
CVE-2025-30342
An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderator Notes or Agenda Topics, an editor is shown that allows one to format the submitted text. This allows insertion of various HTML elements. When trying to insert a SCRIPT element, it is properly...
CVE-2025-2079
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard-coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions...
CVE-2025-1801 Aap-gateway: aap-gateway privilege escalation
A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway gRPC service are subject to a race condition in the requests made against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a more privileged user, enabling the...
CVE-2024-49344
In IBM OpenPages with Watson 8.3 and 9.0 with the IBM OpenPages with Watson Assistant chat feature enabled, the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout...
CVE-2024-45386
The CVE-2024-45386 entry concerns Siemens SIMATIC PCS neo (v4.0, v4.1 < Update 2, v5.0 < Update 1), SIMOCODE ES v19 (< Update 1), SIRIUS Safety ES v19 (TIA Portal) (< Update 1), SIRIUS Soft Starter ES (TIA Portal) (< Update 1), and TIA Administrator (
CVE-2024-42207
CVE-2024-42207 concerns HCL iAutomate and describes a session fixation vulnerability that could allow an attacker to hijack a victim’s session ID from an authenticated session. Multiple sources corroborate the issue but do not provide concrete patch details or affected versions. PT-Security notes...
CVE-2024-35220
@fastify/session is a session plugin for fastify. Requires the @fastify/cookie plugin. When restoring the cookie from the session store, the expires field is overridden if the maxAge field was set. This means a cookie is never correctly detected as expired and thus expired sessions are not...
Apache Airflow code issue vulnerability
Apache Airflow is a set of open source platforms for creating, managing and monitoring workflows from the US Apache Software Foundation. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow versions prior to 1.5.2 that stems from a...
CVE-2024-55517
Summary (CVE-2024-55517): Polaris FT Intellect Core Banking 9.5's Intellect Core Search has a vulnerability where input passed via the groupType parameter in /SCGController is mishandled before being used in SQL queries, enabling SQL injection in an authenticated session. Affected component: In...
CVE-2024-56330 Session VNC may be accessed by other sessions on the same host in stardust
Stardust is a platform for streaming isolated desktop containers. With this exploit, inter-container communication (ICC) is not disabled. This would allow users within a container to access another container's agent, therefore compromising access. The problem has been patched in any Stardust build pa...
CVE-2024-55603 Insufficient session invalidation in Kanboard
Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has been exceeded. Kanboard implements a custom session handler, app/Core/Session/SessionHandler.php, to store the session data in a database...
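The @fastify/session entry above and the Kanboard entry just above describe the same failure mode from two directions: a session restored from the store is never compared against its real expiry, either because the expiry is recomputed from maxAge on every restore or because the custom handler never consults the stored lifetime. The following is an added example, not code from either project; the in-memory store, MAX_AGE and the injectable clock are assumptions chosen so the bug can be triggered offline.

```python
"""Enforcing a stored session lifetime when a session is restored.

Constructed example; not code from @fastify/session or Kanboard. The store,
MAX_AGE and the injectable clock are assumptions for illustration.
"""
import time
from typing import Any, Callable, Dict, Optional

MAX_AGE = 3600  # seconds; stands in for the cookie maxAge / configured lifetime


class SessionStore:
    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self.clock = clock
        self._rows: Dict[str, Dict[str, Any]] = {}

    def save(self, sid: str, data: Any) -> None:
        # absolute expiry fixed at save time
        self._rows[sid] = {"data": data, "expires": self.clock() + MAX_AGE}

    def restore_maxage_overrides(self, sid: str) -> Optional[Any]:
        """Vulnerable pattern from the @fastify/session entry: the expiry is
        recomputed from MAX_AGE on every restore instead of read from the row,
        so the comparison can never fail and no session ever expires."""
        row = self._rows.get(sid)
        if row is None:
            return None
        expires = self.clock() + MAX_AGE          # overrides the stored value
        if expires <= self.clock():
            return None
        return row["data"]

    def restore_no_lifetime_check(self, sid: str) -> Optional[Any]:
        """Vulnerable pattern from the Kanboard entry: the row is returned
        whenever it exists; the stored lifetime is never consulted."""
        row = self._rows.get(sid)
        return row["data"] if row else None

    def restore(self, sid: str) -> Optional[Any]:
        """Fixed: compare the stored expiry against the current time and
        discard expired rows on read."""
        row = self._rows.get(sid)
        if row is None or row["expires"] <= self.clock():
            self._rows.pop(sid, None)
            return None
        return row["data"]


def expiry_demo() -> dict:
    """Save a session, jump the clock past MAX_AGE, restore three ways."""
    now = [1_000_000.0]
    store = SessionStore(clock=lambda: now[0])
    store.save("s1", {"user": "alice"})
    now[0] += MAX_AGE + 1                           # lifetime exceeded
    return {
        "maxage_overrides": store.restore_maxage_overrides("s1"),
        "no_lifetime_check": store.restore_no_lifetime_check("s1"),
        "fixed": store.restore("s1"),
    }


if __name__ == "__main__":
    print(expiry_demo())
```

Both vulnerable restores hand back the stale session after the lifetime has passed; only the fixed restore rejects it. The practical check for any custom session handler is the same as the demo: save, move the clock past the configured lifetime, and confirm the read path returns nothing.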
Medium: python-pip
Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...
requests: subsequent requests to the same host ignore cert verification
An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification...
CVE-2024-52947
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session" plugin has been enabled by an admin...
Improper Session Termination
umbraco.cms is vulnerable to Improper Session Termination. The vulnerability is due to the server session not being fully terminated during an explicit sign-out, which could allow unauthorized access...
IBM Aspera Shares code issue vulnerability
IBM Aspera Shares is a web application from International Business Machines (IBM). A code issue vulnerability exists in IBM Aspera Shares versions 1.0 through 1.10.0 PL3, which stems from failing to invalidate a session after a password reset, which could allow an authenticated user to impersonate...
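Several entries in this listing (IBM Jazz Reporting Service, IBM OpenPages with Watson, umbraco.cms and IBM Aspera Shares above) are variants of one mistake: sign-out or a password reset clears the client cookie but leaves the server-side session record, or a secondary session opened during login, alive. The block below is an added example, not code from any of those products; the in-memory store, the session id scheme and the "child" chat session are assumptions for illustration.

```python
"""Server-side session invalidation on logout and password reset.

Constructed example (not code from IBM, Umbraco, or any other product in this
listing). Session ids and the in-memory store are assumptions for illustration.
"""
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Session:
    user: str
    created: float
    # secondary sessions opened under this login (e.g. a chat session)
    linked: Set[str] = field(default_factory=set)


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user=user, created=time.time())
        return sid

    def open_child(self, sid: str) -> Optional[str]:
        """Open a secondary session bound to an existing login session."""
        parent = self._sessions.get(sid)
        if parent is None:
            return None
        child = secrets.token_urlsafe(32)
        self._sessions[child] = Session(user=parent.user, created=time.time())
        parent.linked.add(child)
        return child

    def user_for(self, sid: Optional[str]) -> Optional[str]:
        """Authenticate a presented session id; None means 'not logged in'."""
        s = self._sessions.get(sid) if sid else None
        return s.user if s else None

    def logout_cookie_only(self, sid: str) -> None:
        """Vulnerable pattern: only the browser cookie is cleared
        (Set-Cookie: ...; Max-Age=0); the server record is left alone, so a
        captured cookie keeps authenticating after 'logout'."""
        return None

    def logout(self, sid: str) -> None:
        """Fixed: destroy the server record and every session linked to it."""
        s = self._sessions.pop(sid, None)
        if s is not None:
            for child in s.linked:
                self._sessions.pop(child, None)

    def revoke_all(self, user: str) -> int:
        """Fixed: after a password reset, drop every session of that user.
        Returns the number of sessions revoked."""
        dead = [sid for sid, s in self._sessions.items() if s.user == user]
        for sid in dead:
            del self._sessions[sid]
        return len(dead)


def logout_demo() -> dict:
    """Replay a session id after each kind of logout."""
    store = SessionStore()
    sid = store.create("alice")
    chat = store.open_child(sid)
    store.logout_cookie_only(sid)
    after_cookie_only = store.user_for(sid)      # still "alice": the bug
    store.logout(sid)
    return {
        "after_cookie_only_logout": after_cookie_only,
        "after_server_logout": store.user_for(sid),
        "chat_after_server_logout": store.user_for(chat),
    }


def password_reset_demo() -> dict:
    """Two devices logged in; a reset must revoke both, not just the current one."""
    store = SessionStore()
    laptop = store.create("bob")
    phone = store.create("bob")
    other = store.create("carol")
    revoked = store.revoke_all("bob")
    return {
        "revoked": revoked,
        "laptop_after_reset": store.user_for(laptop),
        "phone_after_reset": store.user_for(phone),
        "carol_unaffected": store.user_for(other),
    }


if __name__ == "__main__":
    print(logout_demo())
    print(password_reset_demo())
```

The test a pentester runs against these advisories is exactly `logout_demo`: capture the cookie, sign out, replay it. For password-reset handling the check is `password_reset_demo`: log in from two clients, reset from one, confirm the other is dead.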
fastify session security vulnerability
fastify session is an open source plugin for fastify. A security vulnerability exists in fastify session version 10.8.0 and earlier that stems from the reuse of a corrupted session cookie...
AZL-42145 CVE-2024-35195 affecting package python-requests for versions less than 2.27.1-7
Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verif...
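The three Requests entries in this listing (python-pip, requests, and python-requests above) describe a connection-pool keying problem: once a pool to a host has been opened with certificate verification off, later requests to that host through the same Session get the same pool and inherit the setting. The block below is an added example that reproduces the pattern with a minimal pool keyed by host versus one keyed by host and verify setting; it is not Requests' or urllib3's own code, and the `Connection`, `PoolBuggy` and `PoolFixed` names are assumptions for illustration.

```python
"""Connection pool keying and the 'sticky verify=False' pattern.

Constructed example; not code from Requests or urllib3. Names below are
illustrative only. No network access is made.
"""
from dataclasses import dataclass
from typing import Dict, Tuple, Union

Verify = Union[bool, str]   # True/False, or a path to a CA bundle


@dataclass
class Connection:
    host: str
    verify: Verify          # TLS setting fixed when the pool was created


class PoolBuggy:
    """Pool keyed only by host: the verify setting of the first connection
    sticks for every later request to that host."""

    def __init__(self) -> None:
        self._pools: Dict[str, Connection] = {}

    def get(self, host: str, verify: Verify = True) -> Connection:
        if host not in self._pools:
            self._pools[host] = Connection(host, verify)
        return self._pools[host]


class PoolFixed:
    """Pool keyed by host and verify setting: a request with verify=True
    never reuses a pool opened with verification disabled."""

    def __init__(self) -> None:
        self._pools: Dict[Tuple[str, Verify], Connection] = {}

    def get(self, host: str, verify: Verify = True) -> Connection:
        key = (host, verify)
        if key not in self._pools:
            self._pools[key] = Connection(host, verify)
        return self._pools[key]


def second_request_verifies(pool) -> Verify:
    """First request to a host with verify=False, second with verify=True.
    Returns the verify setting the second request actually runs with."""
    pool.get("example.test", verify=False)
    return pool.get("example.test", verify=True).verify


if __name__ == "__main__":
    print("keyed by host:        ", second_request_verifies(PoolBuggy()))
    print("keyed by host+verify: ", second_request_verifies(PoolFixed()))
```

With the host-only key the second request silently runs unverified, which is the behaviour the advisories describe for versions before 2.32.0. Until an upgrade is possible, keep any `verify=False` call on its own `requests.Session` rather than sharing a Session between verified and unverified calls.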