Lucene search
K

520 matches found

EUVD
EUVD
added 2026/04/19 12:31 p.m.6 views

EUVD-2026-23692

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The...

5.3CVSS5.3AI score0.00334EPSS
Exploits0References5
NVD
NVD
added 2026/04/19 10:16 a.m.8 views

CVE-2026-6564

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The...

5.3CVSS0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/04/19 9:30 a.m.35 views

CVE-2026-6564

EMQ EMQX Enterprise up to 6.1.0 contains a vulnerability in an unknown function of the Session Handling component that leads to improper authorization. The issue can be exploited remotely and an exploit is publicly available. Affected product: EMQX Enterprise (

5.3CVSS5.3AI score0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/19 9:30 a.m.31 views

CVE-2026-6564 EMQ EMQX Enterprise Session Handling improper authorization

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The...

5.3CVSS0.00334EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/19 9:30 a.m.6 views

CVE-2026-6564 EMQ EMQX Enterprise Session Handling improper authorization

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The...

5.3CVSS5.3AI score0.00334EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/19 9:30 a.m.7 views

CVE-2026-6564

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The...

5.3CVSS5.3AI score0.00334EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.5 views

PT-2026-33625

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The...

5.3CVSS5.3AI score0.00334EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 6:34 p.m.7 views

Security Bulletin: IBM Maximo Application Suite uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205.

Summary IBM Maximo Application Suite uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber...

4.3CVSS4.8AI score0.00459EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2026/02/28 5:12 a.m.24 views

Sensitive Information Exposure

Flask is vulnerable to Sensitive Information Exposure. The vulnerability is due to incomplete handling of the Vary: Cookie header when accessing the session object, where certain access patterns e.g., using the in operator fail to mark responses as user-specific, allowing caching proxies to store...

4.3CVSS5.7AI score0.00374EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2026/02/21 6:17 a.m.8 views

CVE-2026-27205

Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...

4.3CVSS6.5AI score0.00374EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.11 views

PT-2026-21353

Name of the Vulnerable Software and Affected Versions Flask versions 3.1.2 and below Description Flask, a web server gateway interface WSGI web application framework, may improperly handle caching when accessing the session object. Specifically, it may fail to set the 'Vary: Cookie' header,...

4.3CVSS5.8AI score0.00374EPSS
Exploits0References191
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.8 views

IBM Security QRadar EDR 代码问题漏洞

IBM Security QRadar EDR is a terminal detection and response software developed by the American multinational company IBM. There are code-related vulnerabilities in versions 3.12 to 3.12.23 of IBM Security QRadar EDR. These vulnerabilities stem from the failure to invalidate sessions after they...

8.8CVSS5.8AI score0.00185EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/02/09 12:0 a.m.5 views

libssh 0.7.6 Advanced SSH Security Testing Tool

This is an advanced SSH security testing tool for libssh that provides robust session management, signal handling, safe memory management, and multiple operational modes while also checking banners to see if libssh is vulnerable to CVE-2018-10933...

9.1CVSS5.5AI score0.91789EPSS
Exploits11
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.8 views

PT-2026-6770

Name of the Vulnerable Software and Affected Versions Open5GS versions up to 2.7.6 Description A flaw exists in Open5GS impacting the sgwc s5c handle modify bearer response/sgwc sxa handle session modification response function within the PGW S5U Address Handler component. This can lead to a null...

6.9CVSS5.4AI score0.00652EPSS
Exploits1References10
CVE
CVE
added 2026/01/21 7:18 p.m.13 views

CVE-2025-68136

CVE-2025-68136 (EVerest) affects the EV charging software stack prior to version 2025.10.0. On SDP requests, the module creates a new set of objects (Session, IConnection) and opens a new TCP socket for ISO15118-20 communications, registering callbacks for the new file descriptor without closing/...

7.4CVSS5.5AI score0.00266EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/01/21 7:18 p.m.23 views

CVE-2025-68136 EVerest's inadequate session handling can lead to memory-related errors or exhaustion of the operating system’s file descriptors, resulting in a denial of service

EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...

7.4CVSS0.00266EPSS
Exploits1References1
OSV
OSV
added 2026/01/21 7:18 p.m.8 views

CVE-2025-68136 EVerest's inadequate session handling can lead to memory-related errors or exhaustion of the operating system’s file descriptors, resulting in a denial of service

EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...

7.4CVSS5.5AI score0.00266EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.10 views

MiracleLinux 7 : httpd-2.4.6-95.0.1.el7.AXS7 (AXSA:2020-639:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-639:02 advisory. httpd: Improper handling of headers in modsession can allow a remote user to modify session data for CGI applications CVE-2018-1283 httpd: Out of...

8.1CVSS6.5AI score0.86006EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/01/09 11:14 a.m.5 views

CVE-2016-10801

cPanel before 58.0.4 has improper session handling for shared users SEC-139...

8.8CVSS6.9AI score0.0114EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:40 a.m.6 views

CVE-1999-0837

Denial of service in BIND by improperly closing TCP sessions via solinger...

10CVSS7AI score0.02736EPSS
Exploits0References1
Rows per page
Query Builder