UBUNTU-CVE-2024-50339
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue...
Session Fixation
Apache Kylin is vulnerable to Session Fixation. The vulnerability is due to improper handling of session identifiers, allowing an attacker to hijack a user's session...
PT-2024-7682 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.0 through 10.0.16 Description: The issue is related to incorrect session management in the GLPI system, which can allow a remote attacker to gain full access to the application by intercepting a session. An unauthenticated...
CVE-2024-47945
The devices are vulnerable to session hijacking due to insufficient entropy in their session ID generation algorithm. The session IDs are predictable, with only 32,768 (2^15) possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions...
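A 2^15 space is small enough to enumerate in seconds, so the useful check is how many bits a generator actually yields. The Python below is added here as an example; it is not code from the advisory or from the affected vendor. It estimates the effective entropy of a sample of session IDs in two ways (summed per-position Shannon entropy, and the log2 size of the search space an attacker would pre-generate) and rejects anything below 64 bits, the minimum the OWASP Session Management Cheat Sheet recommends. The weak and strong generators, the `user42-` prefix, the sample sizes and the threshold constant are assumptions of this example, not the device's real algorithm.

```python
import math
import random
from collections import Counter

# Minimum entropy a session ID should carry. 64 bits follows the OWASP
# Session Management Cheat Sheet; the constant is this example's assumption.
MIN_SESSION_ID_BITS = 64


def positional_entropy_bits(ids):
    """Sum of the per-position Shannon entropy of the sampled IDs.

    This is an upper bound on what the generator produces: a constant prefix
    contributes nothing, a position that is always one of four digits
    contributes at most two bits, and so on.
    """
    if not ids:
        raise ValueError("need at least one sample")
    length = len(ids[0])
    if any(len(t) != length for t in ids):
        raise ValueError("samples must have a fixed length")
    n = len(ids)
    bits = 0.0
    for pos in range(length):
        counts = Counter(t[pos] for t in ids)
        bits -= sum(c / n * math.log2(c / n) for c in counts.values())
    return bits


def search_space_bits(ids):
    """log2 of the number of strings an attacker must try if every symbol
    observed at each position is possible there, i.e. the size of the
    pre-generated list the advisory describes."""
    length = len(ids[0])
    product = 1
    for pos in range(length):
        product *= len({t[pos] for t in ids})
    return math.log2(product)


def is_acceptable(ids, min_bits=MIN_SESSION_ID_BITS):
    """True when both estimates clear the minimum; the lower one governs."""
    return min(positional_entropy_bits(ids), search_space_bits(ids)) >= min_bits


# Constructed generators for the demonstration; neither is the real device's code.
def weak_ids(n, seed=1):
    """15 random bits, zero-padded, behind a fixed per-user prefix:
    only 32,768 possible IDs per user."""
    rng = random.Random(seed)
    return [f"user42-{rng.randrange(32768):05d}" for _ in range(n)]


def strong_ids(n, seed=1):
    """128 random bits rendered as 32 hex characters, the shape that
    secrets.token_hex(16) produces (seeded here only for reproducibility)."""
    rng = random.Random(seed)
    return [f"{rng.getrandbits(128):032x}" for _ in range(n)]


if __name__ == "__main__":
    for label, sample in (("weak", weak_ids(4000)), ("strong", strong_ids(4000))):
        verdict = "OK" if is_acceptable(sample) else "REJECT"
        print(f"{label:6s} entropy~{positional_entropy_bits(sample):6.1f} bits  "
              f"search space {search_space_bits(sample):6.1f} bits  {verdict}")
```

Both estimators need a few thousand IDs captured from the same generator, and both are upper bounds: a generator that passes them can still be predictable (a seeded PRNG, a timestamp, an incrementing counter rendered in hex), so treat a pass as necessary, not sufficient. A fail, as with the 15-bit sample here, is conclusive.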
CVE-2024-4447
In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API UserSessionAjax.getSessionList.dwr calls. While this is information that would and should be available to admins who possess "Sign In As" powers, admins who otherwise lack...
CVE-2024-37183
Plain text credentials and session ID can be captured with a network sniffer...
Westermo L210-F2G Lynx Security Vulnerability
The Westermo L210-F2G Lynx is an industrial switch from Westermo Sweden. A security vulnerability exists in the Westermo L210-F2G Lynx. An attacker can exploit the vulnerability to obtain plain text credentials and session IDs...
ZenML Code Issue Vulnerability
ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A code issue vulnerability exists in ZenML version 0.56.3 that stems from an insufficient session validity period. An attacker exploiting this vulnerability could reuse old sessi...
A vulnerability in the `ticket_age_add` handling of the Go programming language's TLS implementation allows an attacker to gain unauthorized access to session identifiers.
The vulnerability in the `ticket_age_add` handling of the Go programming language is related to the use of insufficiently random values. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to session identifiers...
BIT-JENKINS-2020-2103
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page...
CVE-2024-27561
| creationtimestamp | type | source |
|---|---|---|
| 2024-03-05 18:27:05+00:00 | seen | https://t.me/ctinow/200545 |
| 2024-03-05 18:27:12+00:00 | seen | https://t.me/ctinow/200551 |
...
CVE-2021-47060
| creationtimestamp | type | source |
|---|---|---|
| 2024-03-01 00:26:18+00:00 | seen | https://t.me/ctinow/197155 |
| 2024-03-01 06:51:50+00:00 | seen | https://t.me/ctinow/197325 |
...
IBM PowerSC Information Disclosure Vulnerability (CNVD-2024-09949)
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. An information disclosure vulnerability exists in IBM PowerSC, which can be exploited by an attacker to view session identifiers passed via URL query strings...
CVE-2023-50328
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110...
Information disclosure
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110...
CVE-2023-50328
CVE-2023-50328 affects IBM PowerSC 1.3, 2.0, and 2.1. A vulnerability allowed remote attackers to view session identifiers passed via URL query strings. The IBM bulletin lists PowerSC 2.2 as the remediation (update to 2.2 on Fix Central) and enumerates affected filesets (powerscStd.uiServer, powe...
CVE-2023-50328 IBM PowerSC information disclosure
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110...
IBM PowerSC Security Vulnerability
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. An information disclosure vulnerability exists in IBM PowerSC, which can be exploited by an attacker to view session identifiers passed via URL query strings...
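A session identifier carried in a query string ends up in web-server access logs, proxy logs, browser history and the Referer header of every outbound link, which is why the PowerSC entries above count as information disclosure. The Python below is added here as an example and is not IBM's code or anything from the advisory: it scans Combined Log Format lines for session-bearing query parameters in both the request line and the Referer, and reports them with the value redacted so the report does not repeat the leak. The log lines are constructed for this example, and the parameter-name list and the token-shape heuristic are my assumptions; extend them with the parameter names your own applications use.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Combined Log Format (Apache/nginx default): only the fields used here are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

# Parameter names that conventionally carry a session or bearer credential.
# Compared after lower-casing and stripping '_', '-' and '.'; list is an assumption.
SESSION_PARAM_NAMES = {
    "sessionid", "jsessionid", "phpsessid", "aspnetsessionid", "sid",
    "token", "authtoken", "accesstoken", "sessiontoken",
}
# Fallback heuristic: a long opaque alphanumeric value under any other name.
TOKEN_VALUE_RE = re.compile(r"^[A-Za-z0-9_\-]{20,}$")


def normalise(name):
    return re.sub(r"[_.\-]", "", name.lower())


def redact(value):
    """Keep a 4-character prefix so findings can be correlated without re-leaking the ID."""
    return value[:4] + "..." if len(value) > 4 else "..."


def scan_url(url):
    """Yield (param, kind, redacted_value) for each suspicious query parameter."""
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if normalise(name) in SESSION_PARAM_NAMES:
            yield name, "session-parameter", redact(value)
        elif TOKEN_VALUE_RE.match(value):
            yield name, "token-like-value", redact(value)


def scan_log(text):
    """Return one finding dict per session-like parameter seen in a request
    target or a Referer; lines that do not parse are skipped."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for where, url in (("request", m["target"]), ("referer", m["referer"])):
            if url == "-":
                continue
            for param, kind, value in scan_url(url):
                findings.append({"ip": m["ip"], "ts": m["ts"], "where": where,
                                 "param": param, "kind": kind, "value": value})
    return findings


# Constructed sample access-log lines; no real host or session is represented.
SAMPLE_LOG = "\n".join([
    '10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /ui/login?sessionId=3a8f2c9d0e1b4a5c6d7e8f9012345678 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Mar/2024:10:01:03 +0000] "GET /static/app.js?v=1.3.0 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [12/Mar/2024:10:02:40 +0000] "GET /profile?user=alice&JSESSIONID=0123456789ABCDEF0123 HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
    '10.0.0.7 - alice [12/Mar/2024:10:04:00 +0000] "GET /help HTTP/1.1" 200 2048 "https://portal.example.internal/dashboard?sid=abcdef1234567890abcdef" "Mozilla/5.0"',
    '10.0.0.8 - - [12/Mar/2024:10:05:11 +0000] "GET /api/search?q=9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c HTTP/1.1" 200 300 "-" "curl/8.4.0"',
])

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['where']:8s} {f['kind']:18s} {f['param']}={f['value']}")
```

The fourth line shows the Referer case: the request itself is clean, but the browser forwarded a `sid` from the previous page, so any third-party host the portal links to receives the same value. The fifth line is only a heuristic hit (`q` is not a known session parameter) and should be triaged rather than treated as a confirmed leak. Once an application is found doing this, the fix is on the application side (cookie with `Secure` and `HttpOnly`, or an `Authorization` header), not in the log scanner.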