433 matches found
PT-2025-34848 · Clininet · Clininet
Name of the Vulnerable Software and Affected Versions: CliniNET (affected versions not specified). Description: The paths /cgi-bin/CliniNET.prd/utils/userlogstat.pl, /cgi-bin/CliniNET.prd/utils/usrlogstat.pl, and /cgi-bin/CliniNET.prd/utils/dblogstat.pl expose data containing session IDs...
Linux Distros Unpatched Vulnerability : CVE-2017-12870
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and...
Linux Distros Unpatched Vulnerability : CVE-2001-1534
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mod_usertrack in Apache 1.3.11 through 1.3.20 generates session IDs using predictable information including host IP address, system time and server process ID,...
CVE-2025-7773
A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the last two consecutive sign in session interval, making it predictable...
CVE-2023-3866
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request. This patch validates session id and tree id in compound request. If first operation in the compound is SMB2 ECHO request, ksmbd bypasses session and tree validation. So...
The vulnerability of the monitoring and control tool for solar energy systems, Tigo Cloud Connect Advanced (CCA), arises from incorrect generation of session identifiers. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the monitoring and control tool for solar energy systems, Tigo Cloud Connect Advanced (CCA), is related to the improper generation of session identifiers. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
Tigo Energy Cloud Connect Advanced Security Vulnerability
Tigo Energy Cloud Connect Advanced is a compact data logger from Tigo Energy USA. A security vulnerability exists in Tigo Energy Cloud Connect Advanced that stems from insecure session ID generation that could lead to unauthorized access...
CVE-2025-40924
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a (usually) SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...
CVE-2025-40742
A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions V11.0, SIPROTEC 5 6MD85 CP200 All versions, SIPROTEC 5 6MD85 CP300 All versions V11.0, SIPROTEC 5 6MD86 CP200 All versions, SIPROTEC 5 6MD86 CP300 All versions V11.0, SIPROTEC 5 6MD89 CP300 All versions V11.0, SIPROTEC 5...
CVE-2025-40742
CVE-2025-40742 affects Siemens SIPROTEC 5 devices (a wide list including 6MD84/85/86/89, 6MU85, 7KE85, 7SA82/86/87, 7SD82/86/87, 7SJ81/82/85/86, 7SK82/85, 7SL82/86/87, 7SS85, 7ST85/86, 7SX82/85, 7SY82, 7UM85, 7UT82/85/86/87, 7VE85, and Compact 7SX800). The root cause is exposure of session identi...
PT-2025-28400 · Siemens · Siprotec 5 7Sa82 +16
Name of the Vulnerable Software and Affected Versions: SIPROTEC 5 6MD84 CP300 All versions; SIPROTEC 5 6MD85 CP300 All versions; SIPROTEC 5 6MD86 CP300 All versions; SIPROTEC 5 6MD89 CP300 All versions; SIPROTEC 5 6MD89 CP300 V9.6 All versions; SIPROTEC 5 6MU85 CP300 All versions; SIPROTEC 5 7KE85 CP30...
PT-2025-27472 · Unknown · Filebrowser
Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.33.9. Description: The issue concerns the leakage of JSON Web Tokens (JWT) used as session identifiers due to their inclusion as GET parameters in URLs. This leakage can occur when a user accesses certain URLs,...
CVE-2023-1898
Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker could enter a session ID number to retrieve data for an active user’s session...
CVE-2019-10049
It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code that is executed in the context of the victim use...
PT-2025-6969 · Gatesair · Gatesair Maxiva Vaxt
Name of the Vulnerable Software and Affected Versions: GatesAir Maxiva UAXT, VAXT transmitters (affected versions not specified). Description: A session hijacking issue exists in the web-based management interface, allowing unauthenticated attackers to access exposed log files at "/logs/debug/xteLog...
CVE-2020-26228
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in...
The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to an incorrect session timeout restriction, allowing attackers to gain unauthorized access to the system.
The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to incorrect time-out restrictions on sessions. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the system using o...
U.S. Dept Of Defense: ASP.NET Application Trace Enabled
The ASP.NET application trace feature was enabled on a public-facing URL, which exposed sensitive internal information, including Session ID values and the physical file paths of server-side resources. This vulnerability could have allowed attackers to gain unauthorized insights into the server...
Authorization Bypass Through User-Controlled Key
Overview: nilsteampassnet/teampass is a password manager. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to improper handling of user session identifiers through the users.queries.php component. An attacker can escalate privileges and perfo...