471 matches found
CVE-2025-9316
CVE-2025-9316 affects N-able N-Central versions before 2025.4, enabling unauthenticated sessionID generation and potential session hijack. A nuclei template and advisories describe it as an authentication bypass; mitigations cite updating to 2025.4 or later. Some sources also reference combining ...
CVE-2025-9316 N-central unauthenticated sessionID generation
N-central 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4...
PT-2025-46661
Name of the Vulnerable Software and Affected Versions Tenda AC15 version 15.03.05.18 multi Description The authentication cookie used by the device exposes the account password hash to the client and utilizes a short, low-entropy suffix as the session identifier. An attacker with network access o...
SUSE-SU-2025:3788-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses bsc1249375. - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the...
CVE-2025-6515
The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...
EUVD-2025-35077
The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...
CVE-2025-6515
The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...
CVE-2025-6515
The CVE concerns oatpp-mcp’s MCP SSE endpoint, where a session ID is derived from an instance pointer instead of a unique, cryptographically secure value. This enables a network attacker with access to the oatpp-mcp server to predict/guess future session IDs, hijack legitimate MCP sessions, and c...
Creativeitem Academy LMS 安全漏洞
Creativeitem Academy LMS is an online learning management system from Creativeitem Bangladesh. A security vulnerability exists in Creativeitem Academy LMS version 5.13 and earlier, which stems from failure to regenerate the session ID after successful authentication, which could lead to a session...
Security update for libssh
This update for libssh fixes the following issues: CVE-2025-8114: Fixed NULL pointer dereference when calculating the session ID during the key exchange KEX process bsc1246974 CVE-2025-8277: Fixed Memory Exhaustion via Repeated Key Exchange bsc1249375 Patch Instructions: To install this SUSE upda...
EUVD-2020-12783
Malware in sbrugna...
EUVD-2012-0309
Malware in sbrugna...
EUVD-2005-4724
Malware in sbrugna...
EUVD-2006-4419
Malware in sbrugna...
EUVD-2015-4329
Malware in sbrugna...
EUVD-2006-4421
Malware in sbrugna...
EUVD-2007-0842
Malware in sbrugna...
EUVD-2019-19107
Malware in sbrugna...
EUVD-2020-30234
Malware in sbrugna...
EUVD-2006-4420
Malware in sbrugna...