17 matches found

CNNVD
added 2026/04/07 12:0 a.m. · 4 views

Parse Server security vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 9.8.0-alpha.7 and 8.6.75. These vulnerabilities stemmed from the GET /sessions/me endpoi...

CVSS 5.3 · AI score 5.8 · EPSS 0.00028
Exploits 0 · References 3
NVD
added 2026/03/10 6:18 p.m. · 3 views

CVE-2026-30970

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent sessions through the /api/v1/sessions endpoint without strong authentication. This endpoint perform...

CVSS 9.1 · EPSS 0.00113
Exploits 0 · References 2
Cvelist
added 2026/03/10 5:30 p.m. · 27 views

CVE-2026-30970 Session authentication bypass in Coral Server session creation endpoint

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent sessions through the /api/v1/sessions endpoint without strong authentication. This endpoint perform...

CVSS 8.8 · EPSS 0.00113
Exploits 0 · References 2
ATTACKERKB
added 2026/03/10 5:30 p.m. · 2 views

CVE-2026-30970

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent sessions through the /api/v1/sessions endpoint without strong authentication. This endpoint perform...

CVSS 8.8 · AI score 5.8 · EPSS 0.00113
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2026/03/10 12:0 a.m. · 2 views

coral-server security vulnerability

Coral-server is a Docker-based server operation and configuration management tool developed by CoralOS. Versions of coral-server prior to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the /api/v1/sessions endpoint, which allowed the creation of proxy sessions without...

CVSS 9.1 · AI score 5.8 · EPSS 0.00113
Exploits 0 · References 2
Cvelist
added 2025/08/27 10:20 a.m. · 4 views

CVE-2025-30039 Missing authentication in API returning a list of all active sessions

Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges...

CVSS 9 · EPSS 0.00036
Exploits 0 · References 1
RedhatCVE
added 2025/05/03 1:11 a.m. · 7 views

CVE-2024-48905

Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint...

CVSS 9.1 · AI score 7.3 · EPSS 0.00337
Exploits 1 · References 1
OSV
added 2025/05/01 9:15 p.m. · 3 views

CVE-2024-48905

Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint...

CVSS 9.1 · AI score 5.8
Exploits 0 · References 1
CVE
added 2025/05/01 12:0 a.m. · 60 views

CVE-2024-48905

CVE-2024-48905 affects Sematell ReplyOne 7.4.3.0 with insecure permissions on the /rest/sessions endpoint, enabling potential unauthorized access. Root cause: insufficient access controls. CVSS v3.1 base score 9.1 (CRITICAL) affecting confidentiality and integrity. Exploitation details are not pr...

CVSS 9.1 · AI score 7 · EPSS 0.00337
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2024/10/10 12:0 a.m. · 2 views

PT-2024-39852 · Craig Rodway · Classroombookings

Name of the Vulnerable Software and Affected Versions: Craig Rodway Classroombookings version 2.8.7. Description: A vulnerability was found in the processing of the file /sessions of the component Session Page. The manipulation of the argument Name leads to cross site scripting. The attack may be...

CVSS 5.1 · AI score 6.5 · EPSS 0.00102
Exploits 1 · References 9
Positive Technologies
added 2023/09/15 12:0 a.m. · 3 views

PT-2023-5573 · Unknown · Jumpserver

Name of the Vulnerable Software and Affected Versions: JumpServer versions 3.0.0 through 3.5.4; JumpServer versions 3.6.0 through 3.6.3. Description: The issue is related to a weakness in the authentication procedure of JumpServer, an open-source bastion host and professional operation and...

CVSS 8.5 · AI score 5.4 · EPSS 0.88166
Exploits 5 · References 24
OSV
added 2023/03/12 6:30 a.m. · 14 views

GHSA-89P3-9J8C-FQH4 Duplicate Advisory: User account enumeration in eZ Publish Ibexa Kernel

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-gmrf-99gw-vvwj. This link is maintained to preserve external references. Original Description: This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open...

CVSS 5.3 · AI score 5.7 · EPSS 0.00237
Exploits 0 · References 4
Github Security Blog
added 2023/03/12 6:30 a.m. · 53 views

Duplicate Advisory: User account enumeration in eZ Publish Ibexa Kernel

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-gmrf-99gw-vvwj. This link is maintained to preserve external references. Original Description: This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open...

CVSS 5.3 · AI score 5.7 · EPSS 0.00237
Exploits 0 · References 4 · Affected Software 1
CNNVD
added 2023/03/12 12:0 a.m. · 3 views

Ez Systems eZ Platform security vulnerability

Ez Systems eZ Platform is a content management system (CMS) based on the Symfony framework from Ez Systems, Norway. A security vulnerability exists in Ez Systems eZ Publish Ibexa Kernel versions prior to 7.5.15.1, which stems from misuse of the /user/sessions endpoint to determine if an account...

CVSS 5.3 · AI score 5.7 · EPSS 0.00237
Exploits 0 · References 3
Vulnrichment
added 2023/03/12 12:0 a.m. · 5 views

CVE-2021-46876

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence...

AI score 7.1 · EPSS 0.00237
Exploits 0 · References 2
Veracode
added 2021/03/12 4:58 a.m. · 10 views

Information Disclosure

ezsystems/ezplatform-rest is vulnerable to information disclosure. The /user/sessions endpoint allows an attacker to discover valid accounts by analyzing the server response time...

AI score 2.8
Exploits 0
Github Security Blog
added 2021/03/11 5:42 p.m. · 49 views

/user/sessions endpoint allows detecting valid accounts

This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open Source v3.3. The /user/sessions endpoint can let an attacker detect if a given username or email refers to a valid account. This can be detected through differences in the respons...

CVSS 5.3 · AI score 0.7 · EPSS 0.00237
Exploits 0 · References 5 · Affected Software 1