Lucene search
K

44 matches found

Vulnrichment
Vulnrichment
added 2025/12/16 6:16 a.m.4 views

CVE-2025-62330 HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information

HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive...

5.9CVSS6.2AI score0.00133EPSS
Exploits0References1
CVE
CVE
added 2025/12/16 6:16 a.m.15 views

CVE-2025-62330

CVE-2025-62330 affects HCL DevOps Deploy. The vulnerability arises from cleartext transmission due to the HTTP port remaining accessible and not redirecting to HTTPS, enabling an attacker with network access to intercept or modify user credentials and session data via passive monitoring or MITM-s...

5.9CVSS6.2AI score0.00133EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2025/12/13 7:48 a.m.4 views

Race Condition

Agno is vulnerable to a race condition. The vulnerability is due to improper handling of sessionstate under high concurrency during run or arun calls, which allows an attacker to cause session data to be incorrectly assigned and persisted, potentially exposing one user's session data to another...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/04 4:15 a.m.6 views

CVE-2025-12585

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access...

5.3CVSS6.1AI score0.00284EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.5 views

Siemens SIMATIC S7-1500 Exposure of Resource to Wrong Sphere (CVE-2021-22897)

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single static variable in the library, which has the surprising...

5.3CVSS6.8AI score0.02979EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/11/07 5:32 p.m.5 views

CVE-2025-12815

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio RES on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate...

5.3CVSS6.8AI score0.00282EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/06 5:10 p.m.10 views

CVE-2025-12815

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio RES on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate...

5.3CVSS0.00282EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2008-6562

Malware in sbrugna...

5CVSS6.4AI score0.01339EPSS
Exploits1References5
OSV
OSV
added 2024/09/05 1:15 p.m.3 views

CVE-2024-8471

Cross-Site Scripting XSS vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php...

6.1CVSS5.8AI score0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/05 12:0 a.m.23 views

PT-2024-39038 · Unknown · Job Portal

Name of the Vulnerable Software and Affected Versions: Job Portal versions affected versions not specified Description: A Cross-Site Scripting XSS issue exists due to insufficient encryption of user-controlled input. This could allow an attacker to retrieve the session details of an authenticated...

6.3CVSS5.6AI score0.00239EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2024/07/31 12:0 a.m.8 views

The vulnerability of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus, related to access control deficiencies, allows a perpetrator to view data recorded by other users’ sessions.

The vulnerability of the Windows Active Directory AD management and reporting software Zoho ManageEngine ADAudit Plus is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to view data recorded by other users’ sessions...

5.5CVSS5.5AI score0.00458EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/14 12:0 a.m.5 views

PT-2024-37301 · Unknown · Soar Cloud Hr Portal

Name of the Vulnerable Software and Affected Versions: Soar Cloud HR Portal affected versions not specified Description: The issue concerns notification emails sent by Soar Cloud HR Portal, which contain a link with embedded session data. These emails are sent without using an encrypted...

6.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/10 12:0 a.m.7 views

PT-2024-19178 · Zte · Zxun-Epdg

Name of the Vulnerable Software and Affected Versions: ZTE ZXUN-ePDG product versions up to 5.20.19 Description: The ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, uses a set of non-unique cryptographic keys by default configuration when establishing a secure...

8.3CVSS7AI score0.00457EPSS
Exploits0References6
OSV
OSV
added 2024/04/30 10:15 a.m.8 views

CVE-2024-4337

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting XSS vulnerability via the /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user...

7.4CVSS5.8AI score0.00383EPSS
Exploits0References1
Snyk
Snyk
added 2024/02/24 11:22 p.m.2 views

Exposure of Data Element to Wrong Session

Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to the default behavior of sending a Set-Cookie header along with the user's session cookie when serving blobs and setting Cache-Control to public. Certain proxies may cache the Set-Cookie,...

5.3CVSS6.7AI score0.01119EPSS
Exploits0References2
OSV
OSV
added 2023/11/02 5:15 p.m.3 views

CVE-2023-4217

A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation...

5.3CVSS5.7AI score0.00323EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/22 12:0 a.m.8 views

PT-2023-8929 · Opennms · Opennms Horizon +1

Name of the Vulnerable Software and Affected Versions: OpenNMS Meridian versions prior to 2023.1.0 OpenNMS Horizon versions prior to 31.0.4 Description: The issue is related to unauthenticated, stored cross-site scripting in the display of alarm reduction keys, which could allow an attacker to...

7.1CVSS6.2AI score0.00493EPSS
Exploits0References9
OSV
OSV
added 2022/12/13 4:15 p.m.6 views

CVE-2022-46354

A vulnerability has been identified in SCALANCE X204RNA HSR All versions V3.2.7, SCALANCE X204RNA PRP All versions V3.2.7, SCALANCE X204RNA EEC HSR All versions V3.2.7, SCALANCE X204RNA EEC PRP All versions V3.2.7, SCALANCE X204RNA EEC PRP/HSR All versions V3.2.7. The webserver of an affected...

5.3CVSS5.7AI score0.00677EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.5 views

LDAP Account Manager 跨站脚本漏洞

LDAP Account Manager is a web front-end for managing entries e.g., users, groups, DHCP settings stored in the LDAP directory. cross-site scripting vulnerability exists in LDAP Account Manager LAM versions prior to 8.0, which stems from the fact that if the PHP OpenSSL extension is not installed o...

6.1CVSS5.2AI score0.00259EPSS
Exploits0References8
CNVD
CNVD
added 2018/05/21 12:0 a.m.6 views

totemomail Encryption Gateway Information Disclosure Vulnerability

totemomail Encryption Gateway is a gateway for email encryption. A security vulnerability exists in versions prior to totemomail Encryption Gateway 6.0b567. A remote attacker can exploit this vulnerability by performing a JSONP hijacking attack to obtain sensitive information about user sessions...

7.5CVSS6.5AI score0.00736EPSS
Exploits1References1
Rows per page
Query Builder