200 matches found

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2024-37263

Malicious code in bioql PyPI...

6.5 CVSS, 6.6 AI score, 0.00227 EPSS
Exploits 0, References 2
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2023-49950

Malicious code in bioql PyPI...

3.6 CVSS, 4.4 AI score, 0.0024 EPSS
Exploits 1, References 2
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-4624

Malicious code in bioql PyPI...

8.8 CVSS, 8.7 AI score, 0.13075 EPSS
Exploits 0, References 81
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-46527

Malicious code in bioql PyPI...

5.4 CVSS, 5.8 AI score, 0.00425 EPSS
Exploits 0, References 1
OSV
added 2025/09/08 8:05 p.m., 4 views

GHSA-RPW8-82V9-3Q87 Fides' Admin UI User Password Change Does Not Invalidate Current Session

Summary: Admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors such as XSS can maintain access even after password reset. This issue is not directly...

6.3 CVSS, 6.1 AI score, 0.00275 EPSS
Exploits 1, References 5
NVD
added 2025/09/03 8:15 p.m., 6 views

CVE-2025-55162

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. Whe...

8.8 CVSS, 0.0031 EPSS
Exploits 1, References 2
CNNVD
added 2025/09/03 12:00 a.m., 5 views

Envoy code issue vulnerability

Envoy is an Enphase open source gateway program for connecting smart home devices. A code issue vulnerability exists in Envoy, which stems from the OAuth2 filter omitting the Secure attribute when deleting session cookies with the __Secure-/__Host- prefix, resulting in the browser rejecting the delet...

8.8 CVSS, 6.7 AI score, 0.0031 EPSS
Exploits 1, References 3
Tenable Nessus
added 2025/09/03 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2019-2386

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated...

7.1 CVSS, 6.9 AI score, 0.01225 EPSS
Exploits 1, References 2
Tenable Nessus
added 2025/08/18 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-1776

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an agent user is renamed or set to invalid, the session belonging to the user is kept active. The session cannot be used to access ticket data in the case...

4.3 CVSS, 5.6 AI score, 0.00946 EPSS
Exploits 0, References 2
Hacker One
added 2025/05/25 3:43 a.m., 10 views

Shopify: Session Persistence Designed to Keep Users Logged In Across Multiple Devices (Intended Behaviour)

Summary: Hi, after logging out of the application, the session associated with the user is not invalidated server-side. An attacker with access to the session cookie prior to logout can reuse the same cookie to re-authenticate, effectively bypassing the logout process and regaining access to the...

6.8 AI score
Exploits 0
RedhatCVE
added 2025/05/23 10:32 a.m., 7 views

CVE-2024-32006

A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.2 SP2. The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication...

6.5 CVSS, 6.8 AI score, 0.00292 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/23 5:01 a.m., 16 views

CVE-2023-45187

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749...

8.8 CVSS, 6.2 AI score, 0.00381 EPSS
Exploits 0
RedhatCVE
added 2025/05/23 2:21 a.m., 12 views

CVE-2023-45659

Engelsystem is a shift planning system for chaos events. If a user's password is compromised and an attacker gained access to the user's account, i.e., logged in and obtained a session, the attacker's session is not terminated if the user's account password is reset. This vulnerability has been fixe...

3.6 CVSS, 7 AI score, 0.0024 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/23 1:24 a.m., 11 views

CVE-2022-43529

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to persist a session after a password reset or similar session clearing event. Successful exploitation of this vulnerability could allow an authenticated attacker to...

5.4 CVSS, 7 AI score, 0.00425 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 11:27 p.m., 13 views

CVE-2022-40228

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527...

5.4 CVSS, 6.4 AI score, 0.00315 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 9:37 p.m., 7 views

CVE-2021-25979

Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...

9.8 CVSS, 6.7 AI score, 0.01103 EPSS
Exploits 0
RedhatCVE
added 2025/05/22 9:26 p.m., 8 views

CVE-2021-38823

The IceHrm 30.0.0 OS website was found vulnerable to a session management issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser...

9.8 CVSS, 6.8 AI score, 0.01457 EPSS
Exploits 1, References 1
GithubExploit
added 2025/03/20 10:52 p.m., 489 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813: Apache 1. Explanation Tomcat is vulnerabl...

9.8 CVSS, 9 AI score, 0.99945 EPSS
Exploits 46
GithubExploit
added 2025/03/16 11:59 a.m., 359 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

Exploitation conditions + DefaultServlet write feature enabled: readonly=false must be configured in web.xml...

9.8 CVSS, 9.3 AI score, 0.99945 EPSS
Exploits 46
Wallarm Lab
added 2025/03/14 3:38 a.m., 247 views

One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild

A devastating new remote code execution (RCE) vulnerability, CVE-2025-24813, is now actively exploited in the wild. Attackers need just one PUT API request to take over vulnerable Apache Tomcat servers. The exploit, originally published by a Chinese forum user iSee857, is already available online:...

9.8 CVSS, 6.4 AI score, 0.99945 EPSS
Exploits 46