168 matches found
EUVD-2018-7086
Malware in sbrugna...
EUVD-2016-4676
Malware in sbrugna...
EUVD-2022-47720
Malicious code in bioql PyPI...
EUVD-2025-2672
Malicious code in bioql PyPI...
EUVD-2023-34489
Malicious code in bioql PyPI...
iDempiere WebUI 12.0.0.202508171158 Session Fixation
iDempiere WebUI version 12.0.0.202508171158 suffers from a session fixation vulnerability. The application does not issue a new session identifier JSESSIONID after successful authentication. An attacker who can set or predict a victim’s session ID prior to login may hijack the victim’s...
Linux Distros Unpatched Vulnerability : CVE-2020-5421
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks...
CVE-2023-30056
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie...
CVE-2022-44788
An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login...
CVE-2021-38618
In GFOS Workforce Management 4.8.272.1, the login page of the application is prone to authentication bypass, allowing anyone who knows a user's credentials except the password to get access to an account. This occurs because of JSESSIONID mismanagement...
CVE-2025-22216 UAA Missing Zone Validation
A UAA configured with multiple identity zones does not properly validate session information across those zones. A user authenticated against a corporate IDP can re-use their jsessionid to access other zones...
CVE-2024-7341
CVE-2024-7341 describes a session fixation flaw in Keycloak’s SAML adapters (Elytron SAML) where the session ID and JSESSIONID cookie are not rotated on login, even with turnOffChangeSessionIdOnLogin enabled. This allows an attacker who hijacks the current session before authentication to trigger...
Hitachi NAS SMU 14.8.7825 Information Disclosure
Exploit Title: Hitachi NAS HNAS System Management Unit SMU 14.8.7825 - Information Disclosure CVE: CVE-2023-6538 Date: 2023-12-13 Exploit Author: Arslan Masood @arszilla Vendor: https://www.hitachivantara.com/ Version: --id --sso " Create --host argument: parser.addargument "--host", required=Tru...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site request forgery (CVE-2023-38268)
Summary A cross-site request forgery vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-38268 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315-POC CVE-2023-32315-Openfire-Bypass-Py O...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an information exposure in Apache Tomcat (CVE-2023-28708)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an information exposure in Apache Tomcat due to a missing secure attribute in some configurations for the JSESSIONID cookie (CVE-2023-28708). Apache Tomcat is included as part of the java microservices in our...
Session fixation
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie...
Security Bulletin: IBM Cloud Pak for Network Automation 2.4.6 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.4.6 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-28154 DESCRIPTION: Webpack could allow a remote attacker to bypass security restrictions, caused by the mishandling of the magic comment featu...