CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Exploits0References5Affected Software1

CVE•added 3 days ago•11 views

CVE-2026-10212

CVE-2026-10212 concerns AstrBotDevs AstrBot 4.24.2, where the vulnerability resides in the function astr_main_agent of astrbot/core/astr_main_agent.py . Manipulation of the argument session_id enables an authorization bypass, with a remote attack possible. Public exploit availability is noted, an...

Vulnrichment•added 3 days ago•4 views

Exploits0References5

CVE-2026-10212 AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization

Positive Technologies•added 3 days ago•8 views

Exploits0References5

PT-2026-45244

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astr main agent of the file astrbot/core/astr main agent.py. Such manipulation of the argument session id leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly...

OSV•added 6 days ago•4 views

Exploits0References6

GHSA-MCH8-WF3H-6X88 Admidio writes session IDs and auto-login cookie values to application logs

Summary When debug logging is enabled, Session::setCookie logs full cookie values and Session::start logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live...

4.4CVSS5.8AI score

EUVD•added 6 days ago•6 views

EUVD-2026-33338

QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in a patch to version...

4.8CVSS5.8AI score0.00022EPSS

Positive Technologies•added 6 days ago•5 views

PT-2026-45044

4.4CVSS5.8AI score

Exploits0References3

Tenable Nessus•added 2026/05/28 12:0 a.m.•8 views

Debian dla-4602 : lemonldap-ng - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4602 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4602-1 [email protected]...

8CVSS6AI score0.00053EPSS

Exploits0References6

Cvelist•added 2026/05/27 9:56 p.m.•32 views

CVE-2026-46538 Microsoft UFO accepts cross-device TASK_END messages by session_id only, allowing peer task-result injection

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

5.9CVSS0.00027EPSS

Vulnrichment•added 2026/05/27 9:56 p.m.•3 views

CVE-2026-46538 Microsoft UFO accepts cross-device TASK_END messages by session_id only, allowing peer task-result injection

5.9CVSS5.8AI score0.00027EPSS

EUVD•added 2026/05/27 9:53 p.m.•5 views

EUVD-2026-32673

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied sessionid values in WebSocket task messages and reuses an existing in-memory session object if that sessionid already exists. If a prior session...

5.3CVSS5.8AI score0.00034EPSS

Cvelist•added 2026/05/27 9:53 p.m.•29 views

CVE-2026-46544 Microsoft UFO reuses client-supplied WebSocket session IDs and replays stale task results to new authenticated requesters

5.3CVSS0.00034EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•5 views

PT-2026-44122

Name of the Vulnerable Software and Affected Versions Microsoft UFO version 3.0.1-4-ge2626659 Description Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. The software accepts client-supplied session id values in WebSocket task messages and reuses...

5.3CVSS5.8AI score0.00034EPSS

Exploits0References3

SUSE CVE•added 2026/05/22 2:19 a.m.•4 views

SUSE CVE-2026-44064

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request...

7.1CVSS5.8AI score0.00018EPSS

Exploits0References3

NVD•added 2026/05/21 8:16 a.m.•5 views

CVE-2026-44064

7.1CVSS0.00018EPSS

EUVD•added 2026/05/21 7:34 a.m.•3 views

EUVD-2026-31240

7.1CVSS5.8AI score0.00018EPSS

CVE•added 2026/05/21 7:34 a.m.•12 views

CVE-2026-44064

Netatalk contains an out-of-bounds access in the ASP session ID handling (affecting 1.3 through 4.4.2). This could allow information disclosure or DoS; CVE-2026-44064 is fixed in 4.4.3. Affected: Netatalk 1.3–4.4.2. Root cause: out-of-bounds read in ASP session ID handling. Remediation: upgrade t...

7.1CVSS5.8AI score0.00018EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Validating the session ID and tree ID in compound requests. The function smb2getmsg in smb2getksmbdtcon and smb2checkusersession always returns the first command in a compound request’s header. If SMB2TREECONNECTHE is the...

5.5CVSS6.2AI score0.00144EPSS

Snyk•added 2026/05/19 10:51 a.m.•3 views

User Impersonation

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to User Impersonation through the SessionCodeChecks logic in SessionCodeChecks.java. An attacker can reuse an...

7.7CVSS5.8AI score0.00021EPSS