Lucene search
K

471 matches found

CVE
CVE
added 2025/11/12 3:27 p.m.29 views

CVE-2025-9316

CVE-2025-9316 affects N-able N-Central versions before 2025.4, enabling unauthenticated sessionID generation and potential session hijack. A nuclei template and advisories describe it as an authentication bypass; mitigations cite updating to 2025.4 or later. Some sources also reference combining ...

6.9CVSS6.7AI score0.37335EPSS
In wildExploits2References1
Cvelist
Cvelist
added 2025/11/12 3:27 p.m.18 views

CVE-2025-9316 N-central unauthenticated sessionID generation

N-central 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4...

6.9CVSS0.37335EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.5 views

PT-2025-46661

Name of the Vulnerable Software and Affected Versions Tenda AC15 version 15.03.05.18 multi Description The authentication cookie used by the device exposes the account password hash to the client and utilizes a short, low-entropy suffix as the session identifier. An attacker with network access o...

9.8CVSS7.2AI score0.00431EPSS
Exploits1References5
OSV
OSV
added 2025/10/24 1:28 p.m.1 views

SUSE-SU-2025:3788-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses bsc1249375. - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the...

4.7CVSS6.9AI score0.00375EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/10/21 6:33 p.m.4 views

CVE-2025-6515

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...

6.8CVSS6.8AI score0.00344EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/20 6:30 p.m.3 views

EUVD-2025-35077

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...

6.8CVSS6.3AI score0.00344EPSS
Exploits0References2
NVD
NVD
added 2025/10/20 5:15 p.m.4 views

CVE-2025-6515

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...

6.8CVSS0.00344EPSS
Exploits0References1
CVE
CVE
added 2025/10/20 4:13 p.m.10 views

CVE-2025-6515

The CVE concerns oatpp-mcp’s MCP SSE endpoint, where a session ID is derived from an instance pointer instead of a unique, cryptographically secure value. This enables a network attacker with access to the oatpp-mcp server to predict/guess future session IDs, hijack legitimate MCP sessions, and c...

6.8CVSS6.5AI score0.00344EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.4 views

Creativeitem Academy LMS 安全漏洞

Creativeitem Academy LMS is an online learning management system from Creativeitem Bangladesh. A security vulnerability exists in Creativeitem Academy LMS version 5.13 and earlier, which stems from failure to regenerate the session ID after successful authentication, which could lead to a session...

2.2CVSS6.6AI score0.00156EPSS
Exploits1References2
SUSE Linux
SUSE Linux
added 2025/10/14 3:20 p.m.5 views

Security update for libssh

This update for libssh fixes the following issues: CVE-2025-8114: Fixed NULL pointer dereference when calculating the session ID during the key exchange KEX process bsc1246974 CVE-2025-8277: Fixed Memory Exhaustion via Repeated Key Exchange bsc1249375 Patch Instructions: To install this SUSE upda...

5.7CVSS7.1AI score0.00375EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-12783

Malware in sbrugna...

5.5CVSS5.5AI score0.00433EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2012-0309

Malware in sbrugna...

7.5CVSS6.4AI score0.03454EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2005-4724

Malware in sbrugna...

5CVSS6.4AI score0.01377EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-4419

Malware in sbrugna...

7.5CVSS6.4AI score0.04382EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-4329

Malware in sbrugna...

8.5CVSS6.4AI score0.02279EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.1 views

EUVD-2006-4421

Malware in sbrugna...

7.5CVSS6.4AI score0.01843EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2007-0842

Malware in sbrugna...

7.5CVSS6.4AI score0.06426EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-19107

Malware in sbrugna...

8.8CVSS8.8AI score0.01638EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-30234

Malware in sbrugna...

9CVSS8.8AI score0.01691EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-4420

Malware in sbrugna...

7.5CVSS6.4AI score0.02041EPSS
Exploits0References8
Rows per page
Query Builder