Lucene search
+L

1477 matches found

CVE
CVE
β€’added 2026/04/22 1:54 p.m.β€’20 views

CVE-2026-31476

In the Linux kernel component ksmbd, CVE-2026-31476 describes a logic flaw where a multichannel session binding request that fails (for example, due to a wrong password) could cause the targeted session to be marked SMB2_SESSION_EXPIRED. Because the failed binding may reference a session from ano...

8.2CVSS5.6AI score0.00499EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
β€’added 2026/04/22 1:54 p.m.β€’3 views

CVE-2026-31476

In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on binding failure When a multichannel session binding request fails e.g. wrong password, the error path unconditionally sets sess-state = SMB2SESSIONEXPIRED. However, during binding, sess points to t...

5.5AI score0.00499EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
β€’added 2026/04/22 1:54 p.m.β€’36 views

CVE-2026-31476 ksmbd: do not expire session on binding failure

In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on binding failure When a multichannel session binding request fails e.g. wrong password, the error path unconditionally sets sess-state = SMB2SESSIONEXPIRED. However, during binding, sess points to t...

8.2CVSS0.00499EPSS
Exploits0References7
OSV
OSV
β€’added 2026/04/22 1:54 p.m.β€’4 views

CVE-2026-31476 ksmbd: do not expire session on binding failure

In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on binding failure When a multichannel session binding request fails e.g. wrong password, the error path unconditionally sets sess-state = SMB2SESSIONEXPIRED. However, during binding, sess points to t...

8.2CVSS6.7AI score0.00499EPSS
Exploits0References10
Positive Technologies
Positive Technologies
β€’added 2026/04/22 12:0 a.m.β€’8 views

PT-2026-34381

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the ksmbd module occurs when a multichannel session binding request fails, such as due to an incorrect password. In these instances, the error path unconditionally sets the...

8.8CVSS6AI score0.00499EPSS
Exploits0References51
FreeBSD
FreeBSD
β€’added 2026/04/22 12:0 a.m.β€’14 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-Site Request Forgery issue in GraphQL API impacts GitLab CE/EE GitLab Improper Resolution of Path Equivalence issue in Web IDE asset impacts GitLab CE/EE Cross-site Scripting issue in Storybook impacts GitLab CE/EE Denial of Service issue in discussions endpoint impacts GitL...

5.7AI score
Exploits0References1
Snyk
Snyk
β€’added 2026/04/15 7:19 p.m.β€’8 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the DSF FHIR and BPE Servers with enabled OIDC authentication due to the lack of session timeout enforcement in OIDC browser sessions. An attacker can gain unauthorized access to a user's session by...

6.8CVSS5.8AI score0.00154EPSS
Exploits0References2
Snyk
Snyk
β€’added 2026/04/15 7:19 p.m.β€’10 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the DSF FHIR and BPE Servers with enabled OIDC authentication due to the lack of session timeout enforcement in OIDC browser sessions. An attacker can gain unauthorized access to a user's session by...

6.8CVSS5.8AI score0.00154EPSS
Exploits0References2
Snyk
Snyk
β€’added 2026/04/15 7:19 p.m.β€’11 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the DSF FHIR and BPE Servers with enabled OIDC authentication due to the lack of session timeout enforcement in OIDC browser sessions. An attacker can gain unauthorized access to a user's session by...

6.8CVSS5.8AI score0.00154EPSS
Exploits0References2
Snyk
Snyk
β€’added 2026/04/15 7:19 p.m.β€’13 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the DSF FHIR and BPE Servers with enabled OIDC authentication due to the lack of session timeout enforcement in OIDC browser sessions. An attacker can gain unauthorized access to a user's session by...

6.8CVSS5.8AI score0.00154EPSS
Exploits0References2
Snyk
Snyk
β€’added 2026/04/14 11:39 p.m.β€’5 views

Insufficient Session Expiration

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Insufficient Session Expiration due to improper session management when user permissions are changed. An attacker can retain unauthorized access to resource...

6.3CVSS5.8AI score
Exploits0References2
Snyk
Snyk
β€’added 2026/04/14 11:38 p.m.β€’8 views

Insufficient Session Expiration

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Insufficient Session Expiration due to the caching of user roles and permissions in the session at login, which are not refreshed after changes in the...

8.8CVSS5.8AI score0.00325EPSS
Exploits1References2
Snyk
Snyk
β€’added 2026/04/14 11:11 p.m.β€’5 views

Insufficient Session Expiration

Overview github.com/oauth2-proxy/oauth2-proxy/v7 is a reverse proxy that provides authentication with Google, Github or other providers. Affected versions of this package are vulnerable to Insufficient Session Expiration through the SignInPage handler in oauthproxy.go. An attacker can keep a...

6.9CVSS5.8AI score0.00183EPSS
Exploits0References2
Snyk
Snyk
β€’added 2026/04/10 3:31 p.m.β€’8 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

6.9CVSS5.8AI score0.00268EPSS
Exploits1References2
Snyk
Snyk
β€’added 2026/04/10 3:31 p.m.β€’3 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

6.9CVSS5.8AI score0.00268EPSS
Exploits1References2
Snyk
Snyk
β€’added 2026/04/10 3:31 p.m.β€’6 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

6.9CVSS5.8AI score0.00268EPSS
Exploits1References2
Snyk
Snyk
β€’added 2026/04/09 5:36 p.m.β€’4 views

Insufficient Session Expiration

Overview openclaw is a 🦞 OpenClaw β€” Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to terminate existing WebSocket sessions upon shared gateway token rotation. An attacker can maintain unauthorized access to an active...

5.9CVSS5.7AI score
Exploits0References2
Snyk
Snyk
β€’added 2026/04/09 5:34 p.m.β€’12 views

Insufficient Session Expiration

Overview openclaw is a 🦞 OpenClaw β€” Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Session Expiration due to the resolvedAuth process becoming outdated after a configuration reload. An attacker can maintain unauthorized access by leveraging stale...

5.4CVSS5.8AI score0.00215EPSS
Exploits0References2
Snyk
Snyk
β€’added 2026/04/09 12:10 p.m.β€’2 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through the logout handler in airflow-core/src/airflow/apifastapi/coreapi/routes/public/auth.py and the token validation path in airflow-core/src/airflow/apifastapi/auth/managers/baseauthmanager.py. An...

9.1CVSS5.8AI score0.00667EPSS
Exploits0References2
OSV
OSV
β€’added 2026/04/08 3:32 a.m.β€’8 views

GHSA-8JG2-726G-XH43 parisneo/lollms has an insufficient session expiration vulnerability

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

4.1CVSS5.8AI score0.0021EPSS
Exploits0References3
Rows per page
Query Builder