Lucene search
+L

47 matches found

Cvelist
Cvelist
added yesterday27 views

CVE-2026-62241 clawvet < 0.7.5 Hard-coded JWT Secret Session Forgery

clawvet self-hosted API server apps/api before 0.7.5 hard-codes a fallback JWT secret 'clawvet-dev-secret-change-me' in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated...

9.3CVSS0.00389EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-61503

Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote unauthenticated attacker can use this to confirm valid account names, including the default admin account, facilitating password-guessing and...

6.9CVSS0.00343EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-61500

Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's...

9.8CVSS0.00747EPSS
Exploits0References2
OSV
OSV
added 5 days ago5 views

CVE-2026-61503 Rejetto HFS < 3.2.1 Username Enumeration via Login Response Differences

Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote unauthenticated attacker can use this to confirm valid account names, including the default admin account, facilitating password-guessing and...

6.9CVSS6.1AI score0.00343EPSS
Exploits0References5
CVE
CVE
added 5 days ago12 views

CVE-2026-61503

CVE-2026-61503 – Rejetto HFS : Affects HFS 3.0.0–3.2.0. The login endpoint returns observably different responses depending on whether the username exists, enabling remote, unauthenticated actors to confirm valid accounts (including the default admin) and facilitating password guessing and sessio...

6.9CVSS6.1AI score0.00343EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-61500 Rejetto HFS < 3.2.1 Session Forgery via Predictable Signing Key

Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's...

9.8CVSS0.00747EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.8 views

CVE-2026-56278

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses a weak hardcoded default secret 'flowise' for the express-session middleware when the EXPRESSSESSIONSECRET environment variable is not set packages/server/src/enterprise/middleware/passport/index.ts. Because this default secret is...

9.3CVSS0.0036EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/04/30 2:32 p.m.154 views

Exploit for CVE-2026-41940

SessionScribe - CVE-2026-41940 Detection, mitigation, and rev...

9.8CVSS7.1AI score0.981EPSS
Exploits64
OSV
OSV
added 2026/04/08 12:15 a.m.13 views

GHSA-33QG-7WPP-89CQ Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization

Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie. This allows an unauthenticated attacker to supply a crafted session cookie that is accepted ...

9.1CVSS5.8AI score0.0027EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/07 6:13 p.m.4 views

CVE-2026-39324 Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

9.3CVSS5.9AI score0.0027EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/04/07 12:16 a.m.131 views

Exploit for CVE-2026-39324

CVE-2026-39324 Rack::Session::Cookie decrypt failure falls...

5.8AI score0.0027EPSS
Exploits1
NVD
NVD
added 2026/04/01 6:16 p.m.10 views

CVE-2026-34236

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...

9.8CVSS0.00221EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/01 5:4 p.m.3 views

CVE-2026-34236 Auth0 PHP SDK Insufficient Entropy in Cookie Encryption

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...

8.2CVSS5.8AI score0.00221EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.16 views

PT-2026-29574

Auth0-PHP versions 8.0.0 through 8.18.0 Description: The Auth0-PHP SDK uses insufficient entropy for cookie encryption. This could allow attackers to brute-force the encryption key and forge session cookies. This affects applications using Auth0-PHP versions 8.0.0 through 8.18.0, as well as...

9.8CVSS5.9AI score0.00221EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/23 3:30 p.m.12 views

EUVD-2026-14415

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores administrative authentication material in the ecospw cookie using a reversible Base64-encoded format with a static suffix. An attacker who obtains or derives this cookie value can forge a valid administrative session and gain...

8.7CVSS5.8AI score0.00281EPSS
Exploits0References3
NVD
NVD
added 2026/03/23 1:16 p.m.11 views

CVE-2026-31848

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecospw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid...

9.8CVSS0.00281EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/23 12:9 p.m.8 views

CVE-2026-31848

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecospw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid...

8.7CVSS5.8AI score0.00281EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/23 12:9 p.m.15 views

CVE-2026-31848

Nexxt Solutions Nebula 300+ firmware

9.8CVSS5.8AI score0.00281EPSS
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2026/03/21 3:47 p.m.180 views

Exploit for CVE-2026-21994

CVE-2026-21994 Summary Oracle OKIT oci-designer-tool...

9.8CVSS5.8AI score0.00448EPSS
Exploits1
Cvelist
Cvelist
added 2026/03/20 2:38 a.m.30 views

CVE-2026-32891 Anchorr Privilege Escalation: Jellyseerr User → Anchorr Admin via Stored XSS

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. Versions 1.4.1 and below contain a stored XSS vulnerability in the Jellyseerr user selector. Jellyseerr allows any account holder to execute arbitrary JavaScript in the...

9CVSS0.00164EPSS
Exploits0References2
Rows per page
Query Builder