
805 matches found

CNNVD
added 2024/03/21 12:0 a.m. · 2 views

Deno Security Vulnerability

Deno is an open-source, simple, modern and secure JavaScript and TypeScript runtime environment. It uses V8 and is built with Rust. A security vulnerability exists in Deno versions 1.35.1 through 1.36.3, which stems from a Node.js compatibility issue that reuses the global buffer in streamwrap.ts...

CVSS 8.3 · AI score 6.6 · EPSS 0.00396
Exploits: 1 · References: 4
Circl
added 2024/03/11 11:26 p.m. · 2 views

CVE-2022-46070

creationtimestamp | type | source
---|---|---
2024-03-11 23:26:59+00:00 | seen | https://t.me/ctinow/205130
2024-03-11 23:27:10+00:00 | seen | https://t.me/ctinow/205138
2025-04-16 15:56:10+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/12082...

CVSS 7.5 · AI score 4.8 · EPSS 0.00098
Exploits: 0 · References: 3
Vulnrichment
added 2024/03/06 9:2 p.m. · 11 views

CVE-2024-27935 Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...

CVSS 7.2 · AI score 7.2 · EPSS 0.00396
Exploits: 1 · References: 3
OSV
added 2024/03/05 8:49 p.m. · 17 views

GHSA-WRQV-PF6J-MQJP Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination

Summary: A vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer BUF in streamwrap.ts used as a performance...

CVSS 7.2 · AI score 7.8 · EPSS 0.00396
Exploits: 1 · References: 5
Github Security Blog
added 2024/03/05 8:49 p.m. · 25 views

Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination

Summary: A vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer BUF in streamwrap.ts used as a performance...

CVSS 8.3 · AI score 7.1 · EPSS 0.00396
Exploits: 1 · References: 5 · Affected Software: 1
Positive Technologies
added 2024/03/05 12:0 a.m. · 2 views

PT-2024-22149 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions 1.35.1 through 1.36.2 Description: A vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. Th...

CVSS 8.3 · AI score 7.6 · EPSS 0.00396
Exploits: 1 · References: 8
SUSE CVE
added 2024/02/29 3:37 a.m. · 3 views

SUSE CVE-2024-26144

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

CVSS 5.3 · AI score 5.3 · EPSS 0.02363
Exploits: 0 · References: 3
OSV
added 2024/02/27 4:15 p.m. · 2 views

DEBIAN-CVE-2024-26144

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

CVSS 5.3 · AI score 5.4 · EPSS 0.02363
Exploits: 0 · References: 1
Snyk
added 2024/02/24 11:22 p.m. · 2 views

Exposure of Data Element to Wrong Session

Overview: Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to the default behavior of sending a Set-Cookie header along with the user's session cookie when serving blobs and setting Cache-Control to public. Certain proxies may cache the Set-Cookie,...

CVSS 5.3 · AI score 6.7 · EPSS 0.02363
Exploits: 0 · References: 2
Vulnrichment
added 2024/02/13 7:5 p.m. · 24 views

CVE-2024-25122 Cross-site Scripting sidekiq-unique-jobs UI server vulnerability

sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments from running. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, bu...

CVSS 7.1 · AI score 6.7 · EPSS 0.00099
Exploits: 1 · References: 2
OSV
added 2023/12/15 11:6 a.m. · 2 views

OESA-2023-1922 python-flask security update

Flask is a lightweight WSGI web application framework. It is designed to make getting started quick and easy, with the ability to scale up to complex applications. It began as a simple wrapper around Werkzeug and Jinja and has become one of the most popular Python web application frameworks...

CVSS 7.5 · AI score 9 · EPSS 0.00215
Exploits: 1 · References: 2
Github Security Blog
added 2023/12/10 3:30 p.m. · 34 views

PHPEMS Deserialization of Untrusted Data vulnerability

A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has...

CVSS 8.8 · AI score 7.2 · EPSS 0.02358
Exploits: 1 · References: 6 · Affected Software: 1
OSV
added 2023/12/10 3:30 p.m. · 19 views

GHSA-5RV2-VVMF-F7W8 PHPEMS Deserialization of Untrusted Data vulnerability

A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has...

CVSS 6.3 · AI score 7.4 · EPSS 0.02358
Exploits: 1 · References: 6
Prion
added 2023/12/10 3:15 p.m. · 16 views

Deserialization of untrusted data

A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The...

CVSS 6.5 · AI score 7.2 · EPSS 0.02358
Exploits: 1 · References: 3 · Affected Software: 1
Vulnrichment
added 2023/12/10 3:0 p.m. · 15 views

CVE-2023-6654 PHPEMS Session Data session.cls.php deserialization

A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The...

CVSS 6.5 · AI score 7.2 · EPSS 0.02358
Exploits: 1 · References: 3
Cvelist
added 2023/12/10 3:0 p.m. · 11 views

CVE-2023-6654 PHPEMS Session Data session.cls.php deserialization

A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The...

CVSS 6.5 · AI score 9.1 · EPSS 0.02358
Exploits: 1 · References: 3
Positive Technologies
added 2023/12/10 12:0 a.m. · 3 views

PT-2023-32730 · Phpems · Phpems

Name of the Vulnerable Software and Affected Versions: PHPEMS versions 6.x through 9.0 Description: A critical vulnerability was found in the library lib/session.cls.php of the component Session Data Handler, affecting an unknown functionality. The manipulation leads to deserialization and can be...

CVSS 8.8 · AI score 6.6 · EPSS 0.02358
Exploits: 1 · References: 11
OSV
added 2023/11/30 11:15 p.m. · 2 views

CVE-2023-46326

ZStack Cloud version 3.10.38 and before allows unauthenticated API access to the list of active job UUIDs and the session ID for each of these. This leads to privilege escalation...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 1
Positive Technologies
added 2023/11/16 12:0 a.m. · 2 views

PT-2023-27377 · Opennms · Opennms Horizon +1

Name of the Vulnerable Software and Affected Versions: OpenNMS Meridian versions prior to 2023.1.9 OpenNMS Horizon versions prior to 32.0.5 Description: Cross-site scripting in bootstrap.jsp allows an attacker access to confidential session information. The installation instructions for Meridian...

CVSS 6.1 · AI score 6 · EPSS 0.00215
Exploits: 0 · References: 7
CNNVD
added 2023/11/16 12:0 a.m. · 1 views

Opennms Group OpenNMS Cross-Site Scripting Vulnerability

Opennms Group OpenNMS is an open source, enterprise-grade network monitoring and network management platform from US-based Opennms Group. OpenNMS suffers from a cross-site scripting vulnerability in the source bootstrap.jsp parameter that allows an attacker to access confidential session...

CVSS 6.1 · AI score 6.1 · EPSS 0.00215
Exploits: 0 · References: 2