CVE-2025-46336 – Rack::Session Pool Session Restoration Vulnerability

May 8, 2025

CVE ID : CVE-2025-46336

Published : May 8, 2025, 8:15 p.m. | 3 hours, 22 minutes ago

Description : Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. This issue has been patched in version 2.1.1.

Severity: 4.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46712 – Erlang/OTP SSH Man-in-the-Middle Injection Vulnerability

Next Article CVE-2025-45798 – TOTOLINK A950RG Command Execution Vulnerability

Highlights

CVE-2025-5132 – Tmall Demo Cross-Site Request Forgery Vulnerability

May 24, 2025

CVE ID : CVE-2025-5132

Published : May 24, 2025, 9:15 p.m. | 3 hours, 39 minutes ago

Description : A vulnerability was found in Tmall Demo up to 20250505. It has been rated as problematic. This issue affects some unknown processing of the file tmall/admin/account/logout. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Stop writing tests: Automate fully with Generative AI

Opsera’s Codeglide.ai lets developers easily turn legacy APIs into MCP servers

Black Duck Security GitHub App, NuGet MCP Server preview, and more – Daily News Digest

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

This new Coros watch has 3 weeks of battery life and tracks way more – even fly fishing

5 ways automation can speed up your daily workflow – and implementation is easy

This new C-suite role is more important than ever in the AI era – here’s why

iPhone users may finally be able to send encrypted texts to Android friends with iOS 26

Creating Dynamic Real-Time Features with Laravel Broadcasting

Creating Dynamic Real-Time Features with Laravel Broadcasting

Understanding Tailwind CSS Safelist: Keep Your Dynamic Classes Safe!

Sitecore’s Content SDK: Everything You Need to Know

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Microsoft admits it broke “Reset this PC” in Windows 11 23H2 KB5063875, Windows 10 KB5063709

Windows 11 can now screen record specific app windows using Win + Shift + R (Snipping Tool)

CVE-2025-46336 – Rack::Session Pool Session Restoration Vulnerability

Investors beware: AI-powered financial scams swamp social media

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

CVE-2025-6861 – SourceCodester Best Salon Management System SQL Injection Vulnerability

This limited ThinkPad deal is the best I’ve ever seen in 9 years of Prime Day coverage — but 70% off won’t last long

NiCE launches new branding as it shifts from CCaaS to CX-focused AI platform

CVE-2025-7452 – Kone-Net Go-Chat Path Traversal Vulnerability

CVE-2025-5132 – Tmall Demo Cross-Site Request Forgery Vulnerability

GitHub Issues search now supports nested queries and boolean operators: Here’s how we (re)built it

Windows 10 Build 19045.6156 hits Release Preview with Secure Boot upgrade

Interactive Text Destruction with Three.js, WebGPU, and TSL

CVE-2025-46336 – Rack::Session Pool Session Restoration Vulnerability

Related Posts