CVE-2024-27455

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-488
View all →

Vulnerability Description

In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03.

Related Vulnerabilities

CVE-2025-47928

CRITICAL
CVSS:9.1(Critical)

Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/integration_tests.yml` followed by the che...

CWE-4882025

CVE-2024-38367

CRITICAL
CVSS:9.6(Critical)

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipula...

CWE-4882024

CVE-2024-27935

HIGH
CVSS:8.3(High)

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data...

CWE-4882024

CVE-2025-1247

HIGH
CVSS:8.3(High)

A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipul...

CWE-4882025

CVE-2023-1907

HIGH
CVSS:8.0(High)

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simult...

CWE-4882023

CVE-2024-41977

HIGH
CVSS:8.0(High)

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB ...

CWE-4882024