432 matches found

Vulnrichment
added 2025/11/14 10:51 p.m. | 5 views

CVE-2021-4467 Positive Technologies MaxPatrol 8 & XSpider Remote DoS

Positive Technologies MaxPatrol 8 and XSpider contain a remote denial-of-service vulnerability in the client communication service on TCP port 2002. The service generates a new session identifier for each incoming connection without adequately limiting concurrent requests. An unauthenticated remo...

8.7 CVSS | 6.8 AI score | 0.00402 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2025/11/14 12:00 a.m. | 6 views

PT-2025-47018

Name of the Vulnerable Software and Affected Versions: Positive Technologies MaxPatrol 8 (affected versions not specified); Positive Technologies XSpider (affected versions not specified). Description: The client communication service, listening on TCP port 2002, is susceptible to a remote...

8.7 CVSS | 6.8 AI score | 0.00402 EPSS
Exploits: 0 | References: 7

EUVD
added 2025/11/12 6:31 p.m. | 3 views

EUVD-2025-131915

N-central 2025.4 can generate sessionIDs for unauthenticated users. This issue affects N-central: before 2025.4...

6.9 CVSS | 6.6 AI score | 0.36673 EPSS
Exploits: 2 | References: 2

NVD
added 2025/11/12 4:15 p.m. | 6 views

CVE-2025-9316

N-central 2025.4 can generate sessionIDs for unauthenticated users. This issue affects N-central: before 2025.4...

6.9 CVSS | 0.36673 EPSS
Exploits: 2 | References: 1

Vulnrichment
added 2025/11/12 3:27 p.m. | 4 views

CVE-2025-9316 N-central unauthenticated sessionID generation

N-central 2025.4 can generate sessionIDs for unauthenticated users. This issue affects N-central: before 2025.4...

6.9 CVSS | 6.7 AI score | 0.36673 EPSS
Exploits: 2 | References: 1

CNNVD
added 2025/11/12 12:00 a.m. | 2 views

Tenda AC15 security vulnerability

Tenda AC15 is a wireless router from Tenda China. A security vulnerability exists in Tenda AC15 version v15.03.05.18multi, which stems from an authentication cookie that exposes a password hash and uses a low entropy session identifier, which could lead to session hijacking...

9.8 CVSS | 7 AI score | 0.00422 EPSS
Exploits: 1 | References: 3

Positive Technologies
added 2025/11/12 12:00 a.m. | 6 views

PT-2025-46665

Name of the Vulnerable Software and Affected Versions: N-central versions prior to 2025.4. Description: N-central versions before 2025.4 can generate sessionIDs for users without authentication. This allows unauthenticated users to potentially gain access to the system. Recommendations: Update...

6.9 CVSS | 6.8 AI score | 0.36673 EPSS
Exploits: 2 | References: 10

Cvelist
added 2025/11/12 12:00 a.m. | 9 views

CVE-2025-63666

Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...

0.00422 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/10/31 12:13 a.m. | 4 views

CVE-2025-61115

ABC Fine Wine & Spirits Android App version v.11.27.5 and before (package name com.cta.abcfinewineandspirits), developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication,...

7.5 CVSS | 6.5 AI score | 0.00318 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/30 12:31 a.m. | 4 views

EUVD-2025-36741

Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, serve...

8.7 CVSS | 6.2 AI score | 0.00375 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/10/30 12:00 a.m. | 5 views

CVE-2025-61115

ABC Fine Wine & Spirits Android App version v.11.27.5 and before (package name com.cta.abcfinewineandspirits), developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication,...

0.00318 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/30 12:00 a.m. | 2 views

CVE-2025-61115

ABC Fine Wine & Spirits Android App version v.11.27.5 and before (package name com.cta.abcfinewineandspirits), developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication,...

6.1 AI score | 0.00318 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/30 12:00 a.m. | 3 views

PT-2025-44420

Name of the Vulnerable Software and Affected Versions: ABC Fine Wine & Spirits Android App versions v.11.27.5 and before. Description: The ABC Fine Wine & Spirits Android App does not properly validate user passwords during authentication, potentially allowing attackers to bypass login checks and...

7.5 CVSS | 6.5 AI score | 0.00318 EPSS
Exploits: 0 | References: 5

OSV
added 2025/10/29 10:15 p.m. | 3 views

CVE-2025-54459

Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, serve...

8.7 CVSS | 5.8 AI score | 0.00375 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/10/29 9:51 p.m. | 5 views

CVE-2025-54459 Vertikal Systems Hospital Manager Backend Services Exposure of Sensitive System Information to an Unauthorized Control Sphere

Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, serve...

8.7 CVSS | 0.00375 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/29 9:51 p.m. | 3 views

CVE-2025-54459 Vertikal Systems Hospital Manager Backend Services Exposure of Sensitive System Information to an Unauthorized Control Sphere

Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, serve...

8.7 CVSS | 6.3 AI score | 0.00375 EPSS
Exploits: 0 | References: 1

CVE
added 2025/10/29 9:51 p.m. | 13 views

CVE-2025-54459

Vulnerability summary: CVE-2025-54459 affects the Hospital Manager Backend Services (Vertikal Systems), where the ASP.NET tracing endpoint /trace.axd was exposed without authentication before 19 September 2025. This allowed remote attackers to obtain live request traces and sensitive data such as...

8.7 CVSS | 6.3 AI score | 0.00375 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2025/10/29 9:49 p.m. | 5 views

GHSA-2HVH-CW5C-8Q8Q CKAN vulnerable to fixed session IDs

Impact: Session IDs could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to either set a cookie on the victim's browser or steal the victim's currently valid session. Session identifiers...

6.1 CVSS | 6.6 AI score | 0.0024 EPSS
Exploits: 0 | References: 4

CVE
added 2025/10/29 5:54 p.m. | 8 views

CVE-2025-64100

CKAN (open-source data management system) is vulnerable to session fixation prior to versions 2.10.9 and 2.11.4 when server-side session storage is configured (CKAN uses cookie-based storage by default). An attacker could fix a victim's session ID by setting a cookie or stealing a valid session. ...

6.1 CVSS | 6.2 AI score | 0.0024 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/29 12:00 a.m. | 5 views

PT-2025-44340

Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.10.9; CKAN versions prior to 2.11.4. Description: CKAN, an open-source data management system, is affected by an issue where session identifiers could be predictable by an attacker if the system is configured to use...

6.1 CVSS | 6.5 AI score | 0.0024 EPSS
Exploits: 0 | References: 6