Lucene search
K

520 matches found

BDU FSTEC
BDU FSTEC
added 2025/04/23 12:0 a.m.7 views

The vulnerability of the SAML (Security Assertion Markup Language) technology in the PAN-OS operating system allows a perpetrator to increase their privileges.

The vulnerability of the SAML Security Assertion Markup Language technology in the PAN-OS operating system is related to improper session management. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

8.5CVSS5.4AI score0.00354EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2025/04/01 2:19 p.m.9 views

GHSA-7C5V-895V-W4Q5 jooby-pac4j: deserialization of untrusted data

Impact Versions after 2.x and before 3.x of io.jooby:jooby-pac4j can cause deserialization of untrusted data Patches - 2.17.0 2.x - 3.7.0 3.x Workarounds - Not using io.jooby:jooby-pac4j until it gets patches. - Check what values you put/save on session References Version 2.x:...

8.8CVSS7.1AI score0.00612EPSS
Exploits0References6
Snyk
Snyk
added 2025/03/31 7:42 p.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the session handling logic in SessionStoreImplget. An attacker can execute code by sending a malicious payload beginning with "b64", which is deserialized unsafely. Details Serialization is a process...

8.8CVSS7.3AI score0.00612EPSS
Exploits0References2
CVE
CVE
added 2025/03/27 4:37 p.m.76 views

CVE-2021-4454

CVE-2021-4454 - Linux kernel CAN/j1939 session deactivation race : The issue, resolved in Linux kernel CAN/j1939 transport, concerns j1939_session_deactivate() which can be invoked with a session ref-count below 2 in some concurrently-executed paths. The description notes that this is not a fatal...

5.5CVSS6.3AI score0.00226EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/03/25 5:15 a.m.12 views

CVE-2024-8314

An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Ses-sion vulnerability in the session handling used in B&R APROL 4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login credentials...

5.5CVSS0.0034EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/25 4:30 a.m.7 views

CVE-2024-8314 Improper session handling in B&R APROL

An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Ses-sion vulnerability in the session handling used in B&R APROL 4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login credentials...

5.5CVSS7AI score0.0034EPSS
Exploits0References1
CVE
CVE
added 2025/03/25 4:30 a.m.53 views

CVE-2024-8314

CVE-2024-8314 affects B&R APROL

5.5CVSS7AI score0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/25 4:30 a.m.15 views

CVE-2024-8314 Improper session handling in B&R APROL

An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Ses-sion vulnerability in the session handling used in B&R APROL 4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login credentials...

5.5CVSS0.0034EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/22 12:0 a.m.6 views

PT-2025-16681

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue can occur in the Linux kernel's ksmbd component, specifically in the ksmbd sessions deregister function. This issue arises in multichannel mode when the second...

8.8CVSS7.7AI score0.00599EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/15 8:10 a.m.14 views

CVE-2024-57062

An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component...

6.7CVSS6.4AI score0.00117EPSS
Exploits0References1
OSV
OSV
added 2025/03/13 4:15 p.m.5 views

CVE-2024-57062

An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component...

6.7CVSS5.8AI score0.00117EPSS
Exploits0References2
NVD
NVD
added 2025/03/13 4:15 p.m.17 views

CVE-2024-57062

An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component...

6.7CVSS0.00117EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/13 12:0 a.m.7 views

CVE-2024-57062

An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component...

6.2AI score0.00117EPSS
Exploits0References2
CVE
CVE
added 2025/03/13 12:0 a.m.56 views

CVE-2024-57062

CVE-2024-57062 affects the SoundCloud iOS app, version 7.65.2. The issue is a privilege escalation via the app’s session handling component, enabling a local attacker to access sensitive information. The connected sources confirm the affected software/version and the local-exploitability vector, ...

6.7CVSS6.2AI score0.00117EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-44513

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local attacker to compromise the integrity of session handling. CVE-2021-44513 Not...

7CVSS7.1AI score0.00212EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2016-6290

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows...

9.8CVSS8.2AI score0.0548EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/03 12:0 a.m.4 views

ZOHO ManageEngine ADSelfService Plus 授权问题漏洞

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus 6510 and prior versions that stems from improper session...

8.1CVSS9AI score0.01426EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/20 12:24 a.m.7 views

CVE-2024-57056

Incorrect cookie session handling in WombatDialer before 25.02 results in the full session identity being written to system logs and could be used by a malicious attacker to impersonate an existing user session...

5.4CVSS6.7AI score0.00248EPSS
Exploits0References1
OSV
OSV
added 2025/02/18 4:1 p.m.6 views

USN-7272-1 symfony vulnerabilities

Soner Sayakci discovered that Symfony incorrectly handled cookie storage in the web cache. An attacker could possibly use this issue to obtain sensitive information and access unauthorized resources. CVE-2022-24894 Marco Squarcina discovered that Symfony incorrectly handled the storage of user...

8.8CVSS6.6AI score0.63422EPSS
Exploits1References10
Ubuntu
Ubuntu
added 2025/02/18 4:1 p.m.40 views

USN-7272-1: Symfony vulnerabilities

Soner Sayakci discovered that Symfony incorrectly handled cookie storage in the web cache. An attacker could possibly use this issue to obtain sensitive information and access unauthorized resources. CVE-2022-24894 Marco Squarcina discovered that Symfony incorrectly handled the storage of user...

8.8CVSS6.2AI score0.63422EPSS
Exploits1
Rows per page
Query Builder