5 matches found
CVE-2026-56130
"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...
Deserialization of Untrusted Data
Overview langgraph-checkpoint is a library with base interfaces for LangGraph checkpoint savers. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JsonPlusSerializer deserialization process of payloads saved in the json serialization mode. An attacker c...
UBUNTU-CVE-2023-39352
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values rect-left and rect-top are exactly equal to surface-width and...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the password-reset link. An attacker can gain unauthorized access to user accounts by reusing a previously issued password-reset link. Remediation Upgrade github.com/mattermost/mattermost/model to version 3.0...
Insecure Randomness
Overview otp-generator is an One time password generator Affected versions of this package are vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack. Remediation Upgrade otp-generator to version 3.0.0 or higher. References ...