26 matches found
Unity Linux 20.1070e Security Update: jetty (UTSA-2026-017459)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017459 advisory. For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
PT-2026-3642
Name of the Vulnerable Software and Affected Versions Hotwired Turbo versions prior to 8.0.0 Description A race condition exists in the turbo-frame element handler. This issue can cause logout operations to fail when delayed frame responses reapply session cookies after a user has logged out...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
EUVD-2022-7575
Malicious code in bioql PyPI...
CVE-2022-3916
A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...
CVE-2022-3916
A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...
CVE-2022-3916 Keycloak: session takeover with oidc offline refreshtokens
A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...
CVE-2022-3916 Keycloak: session takeover with oidc offline refreshtokens
A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...
CVE-2023-33668
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers...
CVE-2023-33668
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers...
Design/Logic Flaw
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers...
DigiExam 安全漏洞
DigiExam is an exam platform from the Swedish company DigiExam. A security vulnerability exists in DigiExam version v14.0.2, which stems from a lack of integrity checking of native modules, allowing an attacker to access PII and take over accounts on a shared computer...
CVE-2023-33668
CVE-2023-33668 affects DigiExam up to v14.0.2, where there is a lack of integrity checks for native modules. The issue enables attackers on shared computers to access PII and potentially take over user accounts, per multiple sources including Red Hat and NVD entries. The root cause is insufficien...
CVE-2023-33668
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers...
CVE-2023-33668
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers...
PT-2023-4069 · Digiexam · Digiexam
Name of the Vulnerable Software and Affected Versions: DigiExam versions up to 14.0.2 Description: The issue is related to the lack of integrity checks for native modules in DigiExam, allowing remote attackers to access personally identifiable information PII and takeover accounts on shared...
keycloak: Session takeover with OIDC offline refreshtokens
A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...
keycloak: Session takeover with OIDC offline refreshtokens
A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...
keycloak: Session takeover with OIDC offline refreshtokens
A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...