Lucene search
+L

1407 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/06 3:4 a.m.3 views

CVE-2026-29093

WWBN AVideo is an open source video platform. Prior to version 24.0, the official docker-compose.yml publishes the memcached service on host port 11211 0.0.0.0:11211 with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who...

8.1CVSS5.9AI score0.0049EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/06 3:4 a.m.20 views

CVE-2026-29093

CVE-2026-29093 affects WWBN AVideo prior to 24.0, where the official docker-compose.yml exposes memcached on host port 11211 without authentication and the PHP session store uses that memcached instance. An attacker who can reach 0.0.0.0:11211 can read, modify, or flush PHP session data, enabling...

9.8CVSS5.9AI score0.0049EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/06 3:4 a.m.4 views

CVE-2026-29093 WWBN AVideo: Unauthenticated PHP session store exposed to host network via published memcached port

WWBN AVideo is an open source video platform. Prior to version 24.0, the official docker-compose.yml publishes the memcached service on host port 11211 0.0.0.0:11211 with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who...

8.1CVSS5.8AI score0.0049EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.8 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 24.0 contained security vulnerabilities. These vulnerabilities stemmed from the memcached service not enabling authentication, which could lead to session hijacking and...

9.8CVSS5.8AI score0.0049EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/05 1:22 a.m.7 views

AVideo: Unauthenticated PHP session store exposed to host network via published memcached port

Summary The official docker-compose.yml publishes the memcached service on host port 11211 0.0.0.0:11211 with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data ...

9.8CVSS6.1AI score0.0049EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/05 1:22 a.m.4 views

GHSA-XXPW-32HF-Q8V9 AVideo: Unauthenticated PHP session store exposed to host network via published memcached port

Summary The official docker-compose.yml publishes the memcached service on host port 11211 0.0.0.0:11211 with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data ...

8.1CVSS6.1AI score0.0049EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.10 views

PT-2026-23437

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 24.0 Description The AVideo application's official docker-compose.yml file publishes the memcached service on host port 11211 0.0.0.0:11211 without authentication. The Dockerfile configures PHP to store all user sessio...

9.8CVSS6AI score0.0049EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2026/03/01 1:43 a.m.6 views

CVE-2018-25160

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...

6.5CVSS6.1AI score0.00404EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/27 9:31 p.m.11 views

EUVD-2018-21615

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...

6.1AI score0.00404EPSS
Exploits0References4
NVD
NVD
added 2026/02/27 9:16 p.m.9 views

CVE-2018-25160

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...

6.5CVSS0.00404EPSS
Exploits0References4
OSV
OSV
added 2026/02/27 9:16 p.m.6 views

CVE-2018-25160

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...

6.5CVSS6.1AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/27 8:15 p.m.4 views

CVE-2018-25160 HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...

6.1AI score0.00404EPSS
Exploits0References3
CVE
CVE
added 2026/02/27 8:15 p.m.18 views

CVE-2018-25160

Summary (CVE-2018-25160) : The Perl package HTTP::Session2 (versions through 1.09) does not validate the format of user-provided session IDs, enabling potential code injection or other impact depending on the session backend. Red Hat and EU/ENISA entries corroborate that insecure session-id handl...

6.5CVSS6.1AI score0.00404EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/27 8:15 p.m.5 views

CVE-2018-25160

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...

6.5CVSS6.1AI score0.00404EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/27 8:15 p.m.23 views

CVE-2018-25160 HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...

0.00404EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.8 views

PT-2026-22399

Name of the Vulnerable Software and Affected Versions HTTP::Session2 versions through 1.09 Description The software does not properly validate user-provided session IDs, which could allow for code injection or other impacts depending on the session backend. For example, if memcached is used for...

6.5CVSS5.8AI score0.00404EPSS
Exploits0References7
CBLMariner
CBLMariner
added 2026/02/09 11:37 p.m.6 views

CVE-2026-24809 affecting package memcached for versions less than 1.6.27-4

CVE-2026-24809 affecting package memcached for versions less than 1.6.27-4. A patched version of the package is available...

6.9CVSS5.5AI score0.00139EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/02/05 10:21 p.m.4 views

CVE-2026-24809 affecting package memcached for versions less than 1.6.22-3

CVE-2026-24809 affecting package memcached for versions less than 1.6.22-3. A patched version of the package is available...

6.9CVSS5.3AI score0.00139EPSS
Exploits0
OSV
OSV
added 2026/01/27 9:15 a.m.11 views

AZL-75521 CVE-2026-24809 affecting package memcached for versions less than 1.6.22-3

An issue from the component luaGrunerror in dependencies/lua/src/ldebug.c in praydog/REFramework version before 1.5.5 leads to a heap-buffer overflow when a recursive error occurs...

6.9CVSS5.7AI score0.00139EPSS
Exploits0References1
OSV
OSV
added 2026/01/27 9:15 a.m.10 views

AZL-75464 CVE-2026-24809 affecting package memcached for versions less than 1.6.27-4

An issue from the component luaGrunerror in dependencies/lua/src/ldebug.c in praydog/REFramework version before 1.5.5 leads to a heap-buffer overflow when a recursive error occurs...

6.9CVSS5.7AI score0.00139EPSS
Exploits0References1
Rows per page
Query Builder