CVE-2026-33384 Session Fixation in QuickCMS
QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in a patch to version...
CVE-2026-7507
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...
CVE-2026-33875
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
CVE-2026-33875
Gematik Authenticator (software component for digital health login) is affected. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing an attacker to authenticate as a victim who clicks a malicious deep link. Root cause is not explicitly detailed beyond th...
PT-2026-28341
Name of the Vulnerable Software and Affected Versions: Bludit versions prior to 3.17.2. Description: Bludit allows a user's session identifier to be set before authentication. The session ID remains consistent even after authentication, potentially allowing an attacker to fixate a session ID for a...
Authenticator Security Vulnerability
Authenticator is an authentication tool developed by Authenticator Extension. Versions of Authenticator prior to 4.16.0 contain a security vulnerability. The vulnerability stems from the authentication process being open to hijacking, allowing attackers to use the identity of...
PT-2026-24111
ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result, a session created prior to login becomes authenticated once the victim logs i...
CVE-2026-27515
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...
SHARP AQUOS Photo Player HN-PP150 Cross-Site Request Forgery (CVE-2016-1175)
Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
MiracleLinux 4 : ipa-2.1.3-9.0.1.AXS4 (AXSA:2012-370:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-370:01 advisory. IPA is an integrated solution to provide centrally managed Identity (machine, user, virtual machines, groups, authentication credentials), Policy (configuration...
CVE-2010-0711
Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users via the delete action in the ma2 parameter or (2) create...
CVE-2021-22920
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a...
CVE-2022-27632
Cross-site request forgery (CSRF) vulnerability in Rebooter (WATCH BOOT nino RPC-M2C (End of Sale) all firmware versions, WATCH BOOT light RPC-M5C (End of Sale) all firmware versions, WATCH BOOT L-zero RPC-M4L (End of Sale) all firmware versions, WATCH BOOT mini RPC-M4H (End of Sale) all firmware versions,...
EUVD-2025-177182
Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the OAuth authentication window for Microsoft accounts. This is fixed in version 2.0.10532. No known workarounds are available...
EUVD-2014-7035
Malware in sbrugna...
EUVD-2013-3332
Malware in sbrugna...
EUVD-2013-5786
Malware in sbrugna...
EUVD-2008-7110
Malware in sbrugna...
EUVD-2011-5097
Malware in sbrugna...
EUVD-2012-1853
Malware in sbrugna...