CVE-2025-46336 – Rack::Session Pool Session Restoration Vulnerability

May 8, 2025

CVE ID : CVE-2025-46336

Published : May 8, 2025, 8:15 p.m. | 3 hours, 22 minutes ago

Description : Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. This issue has been patched in version 2.1.1.

Severity: 4.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46712 – Erlang/OTP SSH Man-in-the-Middle Injection Vulnerability

Next Article CVE-2025-45798 – TOTOLINK A950RG Command Execution Vulnerability

Highlights

CVE-2025-37815 – “Microchip PCI1xxxx Linux Kernel IRQ Handler Registration Vulnerability”

May 8, 2025

CVE ID : CVE-2025-37815

Published : May 8, 2025, 7:15 a.m. | 58 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration

Resolve kernel panic while accessing IRQ handler associated with the
generated IRQ. This is done by acquiring the spinlock and storing the
current interrupt state before handling the interrupt request using
generic_handle_irq.

A previous fix patch was submitted where ‘generic_handle_irq’ was
replaced with ‘handle_nested_irq’. However, this change also causes
the kernel panic where after determining which GPIO triggered the
interrupt and attempting to call handle_nested_irq with the mapped
IRQ number, leads to a failure in locating the registered handler.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

I recommend this Chromebook over many Windows laptops that cost twice as much

Why I recommend this flagship TCL TV over OLED models that cost more (and don’t regret it)

Finally, a Lenovo ThinkPad that impressed me in performance, design, and battery life

3 productivity gadgets I can’t work without (and why they make such a big difference)

SQL Joins

SQL Joins

Dividing Collections with Laravel’s splitIn Helper

PayHere for Laravel

Distribution Release: IPFire 2.29 Core 195

Distribution Release: IPFire 2.29 Core 195

TeleSculptor – transforms aerial videos and images into Geospatial 3D models

Rilasciato IceWM 3.8: Gestore di Finestre per il Sistema X

CVE-2025-46336 – Rack::Session Pool Session Restoration Vulnerability

Citrix Patches Critical Vulns in NetScaler ADC and Gateway

Canadian telecom hacked by suspected China state group

React Three Fiber: The Ultimate Guide to 3D Web Development

CVE-2025-4805 – WatchGuard Fireware OS Stored XSS Vulnerability

CVE-2025-37884 – Linux Kernel BPF Event Mutex Deadlock

April 11, 2025: AI updates from the past week — Google’s new tools for building AI agents, agent mode in GitHub Copilot, and more

CVE-2025-37815 – “Microchip PCI1xxxx Linux Kernel IRQ Handler Registration Vulnerability”

Mapping the misuse of generative AI

CVE-2025-4082 – Mozilla Firefox WebGL Out-of-Bounds Read RCE

US infrastructure could crumble under cyberattack, ex-NSA advisor warns

CVE-2025-46336 – Rack::Session Pool Session Restoration Vulnerability

Related Posts