Lucene search
K

221 matches found

Snyk
Snyk
added 2025/09/06 4:0 a.m.2 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

8.6CVSS6.9AI score0.00349EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/06 4:0 a.m.4 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

8.6CVSS7.1AI score0.00349EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/06 4:0 a.m.1 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

8.6CVSS7.1AI score0.00349EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/06 4:0 a.m.3 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

8.6CVSS7.1AI score0.00349EPSS
Exploits1References2
OSV
OSV
added 2025/09/06 2:30 a.m.5 views

CVE-2025-58437 Coder's privilege escalation vulnerability could lead to a cross workspace compromise

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

8.1CVSS6.5AI score0.00349EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2025/09/05 8:19 p.m.24 views

Coder vulnerable to privilege escalation could lead to a cross workspace compromise

Summary Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...

8.1CVSS8AI score0.00349EPSS
Exploits1References9Affected Software1
GithubExploit
GithubExploit
added 2025/08/22 2:34 a.m.170 views

Exploit for CVE-2025-1337

PoC para CVE-2025-1337 Prueba de concepto para la vulnerabili...

5.1CVSS4AI score0.00489EPSS
Exploits3
NVD
NVD
added 2025/08/06 9:15 p.m.13 views

CVE-2025-7770

Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID...

8.7CVSS0.005EPSS
Exploits0References1
CVE
CVE
added 2025/08/06 8:45 p.m.27 views

CVE-2025-7770

CVE-2025-7770 affects Tigo Energy Cloud Connect Advanced (CCA). The vulnerability is insecure session ID generation in the remote API, where session IDs are produced by a predictable method based on the current timestamp, enabling attackers to recreate valid session IDs. Combined with bypassing s...

8.7CVSS6.3AI score0.005EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/06 12:0 a.m.5 views

Tigo Energy Cloud Connect Advanced 安全漏洞

Tigo Energy Cloud Connect Advanced is a compact data logger from Tigo Energy USA. A security vulnerability exists in Tigo Energy Cloud Connect Advanced that stems from insecure session ID generation that could lead to unauthorized access...

8.7CVSS6.5AI score0.005EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/05 12:0 a.m.6 views

PT-2025-32228 · Tigo Energy · Tigo Energy Cca

Name of the Vulnerable Software and Affected Versions: Tigo Energy CCA device affected versions not specified Description: The Tigo Energy CCA device is susceptible to insecure session ID generation within its remote API. Session IDs are created using a predictable method based on the current...

9CVSS6.2AI score0.005EPSS
Exploits0References7
Veracode
Veracode
added 2025/07/25 5:28 a.m.4 views

Sensitive Information Disclosure

BackendAI is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insecure session handling caused by exposing the sensitive data in active sessions, allowing attackers to retrieve user credentials from the management platform...

8CVSS6AI score0.00304EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/07/17 2:15 p.m.7 views

CVE-2025-40924

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

6.5CVSS0.00252EPSS
Exploits0References3
OSV
OSV
added 2025/07/17 2:15 p.m.1 views

DEBIAN-CVE-2025-40924

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

6.5CVSS5.3AI score0.00252EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/17 1:33 p.m.2 views

CVE-2025-40924 Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

7AI score0.00252EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.4 views

Plack::Middleware::Session 安全漏洞

Plack::Middleware::Session is a Plack open source minimalist session library for Plack. A security vulnerability exists in Plack::Middleware::Session versions prior to 0.35 that stems from insecure session ID generation...

7.3CVSS6.4AI score0.00329EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 12:21 a.m.5 views

CVE-2022-46353

A vulnerability has been identified in SCALANCE X204RNA HSR All versions V3.2.7, SCALANCE X204RNA PRP All versions V3.2.7, SCALANCE X204RNA EEC HSR All versions V3.2.7, SCALANCE X204RNA EEC PRP All versions V3.2.7, SCALANCE X204RNA EEC PRP/HSR All versions V3.2.7. The webserver of affected device...

9.8CVSS7AI score0.01001EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:37 a.m.8 views

CVE-2019-7336

Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the view monitorfilters.php contains takes in input from the user and saves it into the session, and retrieves it later insecurely. The values of the MonitorName and Source parameters are being displayed without any...

6.1CVSS5.8AI score0.00873EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 12:32 p.m.8 views

GHSA-43G4-487M-5Q6M Open WebUI Vulnerable to a Session Fixation Attack

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...

7.6CVSS8AI score0.00659EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.15 views

Open WebUI Vulnerable to a Session Fixation Attack

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...

9CVSS7.7AI score0.00659EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder