CWE-488 (Exposure of Data Element to Wrong Session) — Vulnerability Class 20

20 vulnerabilities classified as CWE-488 (Exposure of Data Element to Wrong Session). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-34391 | Fleet Vulnerable to Windows MDM cross-device command disclosure — fleet | 6.5 | - | 2026-03-27 |
| CVE-2026-23919 | Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server — Zabbix | 2.7 | - | 2026-03-24 |
| CVE-2026-27492 | Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused — lettermint-node | 4.7 | Medium | 2026-02-21 |
| CVE-2026-23844 | Whisper Money has IDOR Vulnerability on sync/balances endpoint — whisper-money | 6.5 (AI) | Medium (AI) | 2026-01-19 |
| CVE-2026-23646 | OpenProject users can delete other user's session, causing them to be logged out — openproject | 6.5 | Medium | 2026-01-19 |
| CVE-2025-24934 | SO_REUSEPORT_LB breaks connect(2) for UDP sockets — FreeBSD | 6.2 (AI) | Medium (AI) | 2025-10-22 |
| CVE-2025-47928 | Spotipy repo vulnerable to secrets exfiltration via `pull_request_target` — spotipy | 9.1 | Critical | 2025-05-15 |
| CVE-2025-2312 | cifs.upcall makes an upcall to the wrong namespace in containerized environments — cifs-utils | 5.9 | Medium | 2025-03-25 |
| CVE-2025-27606 | Element Android PIN autologout bypass — element-android | 5.1 | Medium | 2025-03-14 |
| CVE-2025-1247 | Io.quarkus:quarkus-rest: quarkus rest endpoint request parameter leakage due to shared instance | 8.3 | High | 2025-02-13 |
| CVE-2023-1907 | Pgadmin: users authenticated simultaneously via ldap may be attached to the wrong session | 8.0 | High | 2025-01-09 |
| CVE-2024-11094 | 404 Solution <= 2.35.17 - Missing Authentication to Sensitive Information Exposure — 404 Solution | 5.3 | Medium | 2024-11-16 |
| CVE-2024-7049 | Exposure of Token in open-webui/open-webui — open-webui/open-webui | 8.1 (AI) | High (AI) | 2024-10-10 |
| CVE-2024-5148 | Gnome-remote-desktop: inadequate validation of session agents using d-bus methods may expose rdp tls certificate | 7.5 | High | 2024-09-02 |
| CVE-2024-41977 | Security vulnerability in multiple Siemens products — RUGGEDCOM RM1224 LTE(4G) EU | 7.1 | High | 2024-08-13 |
| CVE-2024-38367 | CocoaPods trunk sessions verification step could be manipulated for owner session hijacking — CocoaPods | 8.2 | High | 2024-07-01 |
| CVE-2024-6162 | Undertow: url-encoded request path information can be broken on ajp-listener | 7.5 | High | 2024-06-20 |
| CVE-2024-1223 | Improper authorization controls in PaperCut NG/MF — PaperCut NG, PaperCut MF | 4.8 | Medium | 2024-03-14 |
| CVE-2024-27935 | Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination — deno | 7.2 | High | 2024-03-06 |
| CVE-2023-6519 | Seeing admin password hash value in Mia Technology's Mia-Med — MİA-MED | 7.5 | High | 2024-02-08 |

Vulnerabilities classified as CWE-488 (Exposure of Data Element to Wrong Session) represent 20 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.