16 matches found

NVD
added 2026/03/27 12:16 p.m.

CVE-2026-25101

Bludit allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2...

CVSS 9.8 · EPSS 0.00356
Exploits 4 · References 2

RedhatCVE
added 2026/02/06 1:30 p.m.

CVE-2026-23796

Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

CVSS 9.8 · AI score 5.4 · EPSS 0.00268
Exploits 0 · References 1

Cvelist
added 2026/01/16 12:00 a.m.

CVE-2025-24531

In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate wrongly returns PAM_IGNORE in many error situations such as an error triggered by a smartcard before login, allowing authentication bypass...

CVSS 6.7 · EPSS 0.00235
Exploits 0 · References 3

Vulnrichment
added 2026/01/16 12:00 a.m.

CVE-2025-24531

In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate wrongly returns PAM_IGNORE in many error situations such as an error triggered by a smartcard before login, allowing authentication bypass...

CVSS 6.7 · AI score 6.7 · EPSS 0.00235
Exploits 0 · References 3

CVE
added 2026/01/16 12:00 a.m.

CVE-2025-24531

The CVE-2025-24531 entry concerns OpenSC pam_pkcs11 before 0.6.13, where pam_sm_authenticate() may return PAM_IGNORE in various error conditions (e.g., smartcard errors before login). This behavior can allow authentication bypass. The open/public data provided identifies the affected component an...

CVSS 6.7 · AI score 6.3 · EPSS 0.00235
Exploits 0 · References 5

Positive Technologies
added 2025/12/12 12:00 a.m.

PT-2025-50971

Name of the Vulnerable Software and Affected Versions: PCMan FTP Server version 2.0. Description: PCMan FTP Server 2.0 contains a buffer overflow in the 'pwd' command. This allows remote attackers to execute arbitrary code by sending a specially crafted payload during the FTP login process,...

CVSS 9.8 · AI score 8 · EPSS 0.00712
Exploits 0 · References 7

Vulnrichment
added 2025/12/01 12:00 a.m.

CVE-2025-63529

A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID rather than generating...

CVSS 6.1 · AI score 6.5 · EPSS 0.00316
Exploits 1 · References 3

OSV
added 2025/08/20 4:16 a.m.

CVE-2025-57789

During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 1

NVD
added 2025/08/20 4:16 a.m.

CVE-2025-57789

During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured...

CVSS 5.4 · EPSS 0.01104
Exploits 0 · References 1

Cvelist
added 2025/08/08 6:12 p.m.

CVE-2012-10053 Simple Web Server Connection Header Buffer Overflow

Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability in its handling of the Connection HTTP header. When a remote attacker sends an overly long string in this header, the server uses vsprintf without proper bounds checking, leading to a buffer overflow on the stack. This...

CVSS 9.3 · EPSS 0.01462
Exploits 0 · References 6

OSV
added 2024/12/05 1:15 p.m.

CVE-2024-11317

Session Fixation vulnerabilities allow an attacker to fix a user's session identifier before login, providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...

CVSS 10 · AI score 5.8 · EPSS 0.00427
Exploits 4 · References 1

Positive Technologies
added 2024/11/26 12:00 a.m.

PT-2024-22764 · Sharp +1 · Multiple MFPs

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves user passwords being decrypted and stored in memory before any user logs in. These decrypted passwords can be retrieved from the...

CVSS 5.9 · AI score 6.7 · EPSS 0.01072
Exploits 1 · References 8

Positive Technologies
added 2024/11/26 12:00 a.m.

PT-2024-23174 · Sharp +1 · Multiple MFPs

Name of the Vulnerable Software and Affected Versions: Product name and affected versions not specified. Description: The issue involves user passwords being decrypted and stored in memory before any user logs in. These decrypted passwords can be retrieved from the coredump file. Recommendations: At t...

CVSS 5.9 · AI score 6.7 · EPSS 0.01609
Exploits 1 · References 8

BDU FSTEC
added 2024/07/01 12:00 a.m.

Vulnerability in the Nextcloud Notes note-taking application allowing an attacker to access confidential information

The vulnerability in the Nextcloud Notes note-taking application lies in the ability to share the Notes folder with a new user before that user first logs in. Exploiting this vulnerability could allow a remote attacker to gain access to confidential information...

CVSS 4.6 · AI score 5.5 · EPSS 0.00312
Exploits 0 · References 4 · Affected Software 2

CNNVD
added 2024/06/14 12:00 a.m.

Nextcloud Security Breach

Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform from Nextcloud (Germany). A security vulnerability exists in Nextcloud Notes version 4.6.0 and earlier, which stems from the fact that if an attacker manages to share a folder named...

CVSS 4.6 · AI score 6.7 · EPSS 0.00312
Exploits 0 · References 4

OSV
added 2018/09/28 8:29 p.m.

CVE-2018-9080

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise...

CVSS 5.9 · AI score 5.8
Exploits 0 · References 1