170 matches found

OSV
added 2025/06/20 3:15 p.m. | 3 views

CVE-2025-3319

IBM Spectrum Protect Server 8.1 through 8.1.26 could allow an attacker to bypass authentication due to improper session authentication, which can result in access to unauthorized resources...

CVSS 9.8 | AI score 5.8 | EPSS 0.00322
Exploits: 0 | References: 1

BDU FSTEC
added 2025/06/17 12:0 a.m. | 5 views

The vulnerability of the web interfaces of IBM OpenPages and IBM OpenPages with Watson allows a hacker to intercept user sessions.

The vulnerability of the IBM OpenPages and IBM OpenPages with Watson web interfaces relates to improper session management. Exploiting this vulnerability can allow a malicious actor to intercept a user’s session...

CVSS 4.3 | AI score 5.5 | EPSS 0.00233
Exploits: 0 | References: 2 | Affected Software: 2

RedhatCVE
added 2025/05/22 2:49 a.m. | 9 views

CVE-2018-11714

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of...

CVSS 10 | AI score 7.1 | EPSS 0.36516
Exploits: 1 | References: 1

CNNVD
added 2025/05/13 12:0 a.m. | 4 views

Siemens SIMATIC PCS neo code issue vulnerability

Siemens SIMATIC PCS neo is a distributed control system from Siemens, Germany. A code issue vulnerability exists in Siemens SIMATIC PCS neo that originates from a user logging off and not properly disabling the session, which could lead to session reuse...

CVSS 9.8 | AI score 6.6 | EPSS 0.00374
Exploits: 0 | References: 3

CNNVD
added 2025/04/28 12:0 a.m. | 13 views

PHPGurukul Hostel Management System security vulnerability

Hostel Management System is a hostel management system. Hostel Management System has a session hijacking vulnerability that stems from improper handling of session data in the file /hostel/change-password.php. No details of the vulnerability are available at this time...

CVSS 9.1 | AI score 6.9 | EPSS 0.0038
Exploits: 1 | References: 3

BDU FSTEC
added 2025/04/23 12:0 a.m. | 6 views

The vulnerability of the SAML (Security Assertion Markup Language) technology in the PAN-OS operating system allows a perpetrator to increase their privileges.

The vulnerability of the SAML (Security Assertion Markup Language) technology in the PAN-OS operating system is related to improper session management. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

CVSS 8.5 | AI score 5.4 | EPSS 0.00324
Exploits: 0 | References: 2 | Affected Software: 2

CNNVD
added 2025/04/18 12:0 a.m. | 4 views

Denkovi DAEnetIP4 METO security vulnerability

Denkovi DAEnetIP4 METO is a multifunctional 10/100 Mb Ethernet device IP controller from Denkovi for management and control. A security vulnerability exists in Denkovi DAEnetIP4 METO version 1.25, which stems from improper session management in the /loginok.htm endpoint, and could lead to a sessi...

CVSS 9.8 | AI score 6.6 | EPSS 0.01681
Exploits: 0 | References: 1

CVE
added 2025/04/18 12:0 a.m. | 63 views

CVE-2025-28059

CVE-2025-28059 affects Nagios Network Analyzer 2024R1.0.3. Root cause: improper session invalidation and stale token handling after user deletion, causing active sessions and API tokens to remain valid and grant access to restricted functions. Impact: unauthorized access to system resources. Expl...

CVSS 7.5 | AI score 6.8 | EPSS 0.00688
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/03/24 12:0 a.m. | 5 views

The vulnerability of the Service Layer component of the SAP Business One resource management system allows a malicious actor to enhance their privileges and gain access to read, modify, and/or add data.

The vulnerability of the Service Layer component of the SAP Business One resource management system is related to improper session management. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and gain access to read, modify, and/or add data...

CVSS 6.8 | AI score 5.5 | EPSS 0.00276
Exploits: 0 | References: 6

CNNVD
added 2025/03/03 12:0 a.m. | 3 views

ZOHO ManageEngine ADSelfService Plus authorization issue vulnerability

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus 6510 and prior versions that stems from improper session...

CVSS 8.1 | AI score 9 | EPSS 0.01426
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/08 4:42 a.m. | 8 views

CVE-2025-24502

An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address...

CVSS 5.3 | AI score 6.8 | EPSS 0.00217
Exploits: 0 | References: 1

BDU FSTEC
added 2025/02/06 12:0 a.m. | 5 views

The vulnerability of the TFA two-factor authentication module in Drupal CMS systems allows a hacker to intercept the user’s session.

The vulnerability of the Two-factor Authentication (TFA) module in Drupal CMS systems is related to improper session management. Exploiting this vulnerability could allow a malicious actor to intercept a user’s session...

CVSS 10 | AI score 5.5 | EPSS 0.00442
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/02/06 12:0 a.m. | 5 views

The vulnerability of the TFA two-factor authentication module in Drupal CMS systems allows a hacker to intercept the user’s session.

The vulnerability of the Two-factor Authentication (TFA) module in Drupal CMS systems is related to improper session management. Exploiting this vulnerability could allow a malicious actor to intercept a user’s session...

CVSS 10 | AI score 5.5 | EPSS 0.00224
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/01/30 12:0 a.m. | 6 views

PT-2025-5374 · Broadcom · Symantec Privileged Access Management

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified
Description: An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP addres...

CVSS 5.3 | AI score 6.9 | EPSS 0.00217
Exploits: 0 | References: 7

Veracode
added 2025/01/13 9:0 a.m. | 8 views

Session Fixation

NiceGUI is vulnerable to Session Fixation. The vulnerability is due to improper session handling, where authenticating with NiceGUI logged in the user across all browsers, including those in incognito mode...

CVSS 7.5 | AI score 7 | EPSS 0.00368
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2024/11/06 12:46 p.m. | 10 views

Improper Session Termination

umbraco.cms is vulnerable to Improper Session Termination. The vulnerability is due to the server session not being fully terminated during an explicit sign-out, which could allow unauthorized access...

CVSS 4.2 | AI score 6.7 | EPSS 0.00247
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2024/09/10 7:53 a.m. | 5 views

Session Fixation

Keycloak is vulnerable to session fixation. The vulnerability is due to improper session management, as the session ID and JSESSIONID cookie are not updated upon login, allowing attackers to hijack a session before authentication and trigger session fixation...

CVSS 7.1 | AI score 6.9 | EPSS 0.008
Exploits: 0 | References: 14 | Affected Software: 1

Veracode
added 2024/08/06 7:45 a.m. | 17 views

Insufficient Session Expiration

apacheairflowprovidersfab is vulnerable to Insufficient Session Expiration. The vulnerability is due to improper session management, which fails to terminate user sessions upon logout and allows attackers to continue accessing a user’s session or account...

CVSS 9.8 | AI score 6.7 | EPSS 0.00921
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2024/06/20 7:32 a.m. | 16 views

Insecure Authentication

magento/community-edition is vulnerable to Insecure authentication. The vulnerability is due to improper session handling that allows an unauthenticated user to append arbitrary session IDs which will not be invalidated by subsequent authentication, allowing attackers to hijack or manipulate user...

CVSS 9.8 | AI score 6.9 | EPSS 0.0214
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2024/06/18 12:0 a.m. | 3 views

The vulnerability of the QNAP TS-X41 network storage device, related to improper session management, allows a hacker to intercept the user’s session.

The vulnerability of the QNAP TS-X41 network storage device is related to improper session management. Exploiting this vulnerability could allow a malicious actor to intercept a user’s session...

CVSS 8.5 | AI score 5.5
Exploits: 0