23 matches found
CVE-2026-50744
A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked...
CVE-2026-45180
CVE-2026-45180 affects Catalyst::Plugin::Statsd for Perl up to version 0.10.0. The issue is leakage of session IDs when the communication channel to the statsd daemon is unsecured (e.g., UDP to a different network). This could allow an attacker to use leaked session IDs as authentication tokens. ...
CVE-2026-45180 Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids
Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured, for example by sending UDP packets to a host on another network, then users' session ids may be leaked. This may allow an attacker to use session ids a...
curl: libcurl reuses a learned RTSP Session header across different hosts on the same easy handle, enabling cross-host session leak and replay
Summary: libcurl automatically learns RTSP Session: headers from server responses and stores them in data->set.str[STRING_RTSP_SESSION_ID] in lib/rtsp.c:1015-1033. On later RTSP requests using the same easy handle, rtsp_do reads that easy-handle-scoped value at lib/rtsp.c:373 and unconditionally emits...
PT-2026-32011
Name of the Vulnerable Software and Affected Versions: Chamilo LMS versions prior to 1.11.38 and prior to 2.0.0-RC.3 Description: Chamilo LMS, a learning management system, contains an Open Redirect flaw in the session course edit page. An attacker can redirect an authenticated administrator to an...
AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS
Summary: /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials: true, enabling cross-origin session theft and full account...
CVE-2026-22082
CVE-2026-22082 affects Tenda 300Mbps Wireless Router F3 and N300 Easy Setup Router. The root cause is using login credentials as the session ID in the web-based admin interface, allowing a remote attacker to hijack an authenticated session by intercepting unsecured traffic. Impact cited: exposure...
EUVD-2021-24240
Malware in sbrugna...
EUVD-2020-27328
Malware in sbrugna...
EUVD-2012-4457
Malware in sbrugna...
EUVD-2021-24241
Malware in sbrugna...
PT-2025-34845 · Unknown · Cgm Clininet
Name of the Vulnerable Software and Affected Versions: CGM CLININET affected versions not specified Description: The issue involves a session ID leak when saving a file downloaded from CGM CLININET. The session identifier is exposed through a built-in Windows security feature that stores addition...
CVE-2021-37760
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges to the access level of the leaked session ID...
CVE-2021-37759
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges to the access level of the leaked session ID...
SecurePoint UTM 12.x Session ID Leak Vulnerability
ADVISORY INFORMATION
=======================
Product: SecurePoint UTM
Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn
Type: Exposure of Sensitive Information to an Unauthorized Actor [CWE-200]
Date found: 2023-01-05
Date published: 2023-04-11
CVSSv3 Score: 9.0...
Graylog permission and access control issue vulnerability (CNVD-2021-61088)
Graylog is a centralized log management solution from Graylog, Inc. The product supports capturing, storing, and analyzing logs in real time, among other things. Graylog suffers from a permission and access control issue vulnerability that stems from a session ID leak in audit logs pri...
CVE-2021-37759
Graylog prior to 4.1.2 is affected by a Session ID leak in the DEBUG log file that allows an attacker to escalate privileges to the leaked session ID. Affected product: Graylog (before 4.1.2). Root cause: leakage of session IDs via DEBUG logs. Impact: potential privilege elevation with the leaked...