Browse and filter security vulnerabilities across ecosystems
Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused
Whisper Money has IDOR Vulnerability on sync/balances endpoint
OpenProject users can delete other user's session, causing them to be logged out
SO_REUSEPORT_LB breaks connect(2) for UDP sockets
Spotipy repo vulnerable to secrets exfiltration via `pull_request_target`
cifs.upcall makes an upcall to the wrong namespace in containerized environments
Improper session handling in B&R APROL
Element Android PIN autologout bypass
Io.quarkus:quarkus-rest: quarkus rest endpoint request parameter leakage due to shared instance
Pgadmin: users authenticated simultaneously via ldap may be attached to the wrong session
404 Solution <= 2.35.17 - Missing Authentication to Sensitive Information Exposure
Exposure of Token in open-webui/open-webui
Gnome-remote-desktop: inadequate validation of session agents using d-bus methods may expose rdp tls certificate
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8
CocoaPods trunk sessions verification step could be manipulated for owner session hijacking
Undertow: url-encoded request path information can be broken on ajp-listener
Improper authorization controls in PaperCut NG/MF
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
Seeing admin password hash value in Mia Technology's Mia-Med
Exposure of data element to wrong session in the Intel DCM software before version 5