Lucene search
K

3951 matches found

Vulnrichment
Vulnrichment
added 2026/06/08 2:12 p.m.8 views

CVE-2026-43972 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection

Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised stream...

6.3CVSS5.7AI score0.00215EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 2:12 p.m.41 views

CVE-2026-43972 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection

Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised stream...

6.3CVSS0.00215EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 2:12 p.m.6 views

CVE-2026-43972

Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised stream...

6.3CVSS5.7AI score0.00215EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/08 2:12 p.m.39 views

CVE-2026-43972

CVE-2026-43972 (gun_http2) : In gun_http2:push_promise_frame/7, the incoming PUSH_PROMISE :authority header is stored without validating it against the connection origin. Later, gun_http2:headers_frame/9 uses this unvalidated value when calling gun_cookies:set_cookie_header/7, before status handl...

6.3CVSS5.7AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.12 views

PT-2026-47298

Name of the Vulnerable Software and Affected Versions ninenines gun versions 2.0.0 through 2.3.x Description An origin validation error in the gun http2 module allows cross-origin cookie injection through an unvalidated HTTP/2 PUSH PROMISE authority. In the push promise frame function, the...

6.3CVSS5.6AI score0.00215EPSS
Exploits0References6
Spring Security Advisories
Spring Security Advisories
added 2026/06/08 12:0 a.m.8 views

CVE-2026-41839: Spring Framework Escalation via Session Fixation in WebFlux

A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user...

4.2CVSS5.7AI score0.00197EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/06/08 12:0 a.m.8 views

Session Fixation

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Session Fixation via session fixation...

6.5CVSS5.3AI score0.00197EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.15 views

CVE-2026-11335

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function sessionstart of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation...

7.5CVSS5.2AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.18 views

CVE-2025-65415

docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application...

5.4CVSS5.4AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.10 views

CVE-2026-43827

A flaw was found in Apache Shiro. This vulnerability, known as session fixation, allows an attacker to hijack a user's session. This occurs because the system fails to invalidate an existing session or generate a new session identifier after a user successfully logs in. Consequently, a remote...

7.1CVSS5.8AI score0.00412EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.11 views

CVE-2026-39963

Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipitysetCookie function in include/functionsconfig.inc.php uses $SERVER'HTTPHOST' without validation as the domain parameter of setcookie. An attacker who can influence the Host header at login time, such as vi...

6.9CVSS5.3AI score0.00224EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.11 views

CVE-2026-30808

Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800...

8.1CVSS5.5AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-48545

Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a...

7.6CVSS5.6AI score0.0035EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 3:16 p.m.13 views

CVE-2026-11335

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function sessionstart of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation...

7.5CVSS0.00232EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/05 2:30 p.m.36 views

CVE-2026-11335 tittuvarghese CollegeManagementSystem login-form.php session_start session fixiation

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function sessionstart of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation...

7.5CVSS0.00232EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/05 2:30 p.m.12 views

EUVD-2026-34842

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function sessionstart of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation...

7.5CVSS5.2AI score0.00232EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/05 2:30 p.m.8 views

CVE-2026-11335

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function sessionstart of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation...

7.5CVSS6.2AI score0.00232EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/05 2:30 p.m.10 views

CVE-2026-11335 tittuvarghese CollegeManagementSystem login-form.php session_start session fixiation

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function sessionstart of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation...

7.5CVSS6.2AI score0.00232EPSS
Exploits0References6
CVE
CVE
added 2026/06/05 2:30 p.m.22 views

CVE-2026-11335

The CVE-2026-11335 affects the tittuvarghese CollegeManagementSystem (login-form.php) where the session_start function can be manipulated via UserAuthData, enabling remote session fixation. The flaw is exploitable without user privileges and is evidenced by published exploits; the project reporte...

7.5CVSS6.2AI score0.00232EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.5 views

CollegeManagementSystem 授权问题漏洞

CollegeManagementSystem is a comprehensive management system for college students and academic administration, developed by Tittu Varghese. There are authorization issues in CollegeManagementSystem; these issues stem from improper handling of the UserAuthData parameter in the sessionstart functio...

7.5CVSS6.4AI score0.00232EPSS
Exploits0References7
Rows per page
Query Builder