CVE-2026-46544 Microsoft UFO reuses client-supplied WebSocket session IDs and replays stale task results to new authenticated requesters

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied sessionid values in WebSocket task messages and reuses an existing in-memory session object if that sessionid already exists. If a prior session...

PT-2026-44122

Name of the Vulnerable Software and Affected Versions Microsoft UFO version 3.0.1-4-ge2626659 Description Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. The software accepts client-supplied session id values in WebSocket task messages and reuses...

Revive Adserver: Session ID reuse allowing XML‑RPC API authentication bypass

Vulnerability description not provided...

CVE-2022-50975

An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled...

CVE-2025-36115

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...

CVE-2025-36115 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...

CVE-2025-36115

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...

CVE-2025-6515 Reuse of session IDs in oatpp-mcp leads to session hijacking and prompt hijacking by remote attackers

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...

EUVD-2020-21394

Malware in sbrugna...

EUVD-2020-27791

Malware in sbrugna...

EUVD-2019-16143

Malware in sbrugna...

EUVD-2022-28957

Malicious code in bioql PyPI...

EUVD-2025-22446

Malicious code in bioql PyPI...

CVE-2025-36117

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...

CVE-2025-36117

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...

CVE-2025-36117

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...

CVE-2020-6644

An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...

CVE-2024-35050

An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin...

CVE-2024-35050

An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin...

CVE-2024-35050

An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin...