Lucene search
K

51 matches found

Tenable Nessus
Tenable Nessus
added 2025/12/16 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-68284

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: prevent potential out-of-bounds writes in handleauthsessionkey The len field originates from untrusted network packets. Boundary checks have been added...

6.5AI score0.00173EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/11/25 4:6 p.m.3 views

org.keycloak.protocol.oidc.endpoints.LogoutEndpoint: Offline Session takeover due to reused Authentication Session ID

A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...

6CVSS5.7AI score0.00128EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-37882

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00391EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0799

Malicious code in bioql PyPI...

8.1CVSS5.2AI score0.00659EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-0015

Malicious code in bioql PyPI...

8CVSS6.3AI score0.0044EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-20195

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00498EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-20194

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00399EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-36188

Malicious code in bioql PyPI...

8CVSS7.9AI score0.00735EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:24 a.m.5 views

CVE-2023-52440

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbddecodentlmsspauthblob If authblob-SessionKey.Length is bigger than session key sizeCIFSKEYSIZE, slub overflow can happen in key exchange codes. cifsarc4crypt copy to session key array from...

7.8CVSS7AI score0.36685EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:11 p.m.10 views

CVE-2021-21621

Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user basic authentication details only" information, which can include the session ID of the user creating the support bundle in some configurations...

5.3CVSS7AI score0.01206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:46 a.m.9 views

CVE-2019-1003019

An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...

5.9CVSS6.6AI score0.00852EPSS
Exploits0References1
Veracode
Veracode
added 2025/01/14 7:36 a.m.7 views

Race Condition

pgAdmin is vulnerable to Race Condition. The vulnerability is due to improper session handling in server mode with LDAP authentication, where simultaneous login attempts can result in users being attached to another user's session...

8CVSS6.6AI score0.0044EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2025/01/09 8:15 a.m.11 views

CVE-2023-1907

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...

8CVSS0.0044EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/09 7:26 a.m.17 views

CVE-2023-1907 Pgadmin: users authenticated simultaneously via ldap may be attached to the wrong session

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...

8CVSS0.0044EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.3 views

PT-2024-2166 · Vmware +1 · Vmware Enhanced Authentication Plug-In +1

Name of the Vulnerable Software and Affected Versions: VMware Enhanced Authentication Plug-in affected versions not specified Description: The issue is related to a Session Hijack vulnerability in the Deprecated VMware Enhanced Authentication Plug-in. This could allow a malicious actor with...

7.8CVSS6.6AI score0.00348EPSS
Exploits0References38
SUSE CVE
SUSE CVE
added 2023/02/15 5:27 a.m.3 views

SUSE CVE-2014-4342

MIT Kerberos 5 aka krb5 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service buffer over-read or NULL pointer dereference, and application crash by injecting invalid tokens into a GSSAPI application session...

5CVSS6.9AI score0.06523EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.2 views

SUSE CVE-2018-1000173

A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...

5.9CVSS5.8AI score0.01653EPSS
Exploits0References3
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

JSA10617 - 2014-03 Security Bulletin: Pulse Connect Secure: Cross site scripting issue (CVE-2014-2291)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been found in the Pulse Connect Secure product. The problem is a result of incorrect user input validation on the web server. The issue exists within a...

3.5CVSS5.7AI score0.00936EPSS
Exploits1
OSV
OSV
added 2022/05/24 5:0 p.m.5 views

GHSA-92PH-XM9V-CG3J Magento Broken authentication and session managememt

Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authentication and session management...

6.5CVSS6.5AI score0.01168EPSS
Exploits0References4
OSV
OSV
added 2022/05/14 3:7 a.m.13 views

GHSA-4PJX-86PG-X4J5 Jenkins SAML Plugin Session Fixation vulnerability

A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session. SAML Plugin 1.0.7 invalidates the previous session during login and create...

6.5CVSS5.5AI score0.00852EPSS
Exploits0References4
Rows per page
Query Builder