Lucene search
K

2161 matches found

Nuclei
Nuclei
added yesterday24 views

Lightdash v0.1024.6 - Server-Side Request Forgery

Server-Side Request Forgery “SSRF” in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP...

7.3CVSS6.1AI score0.01786EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday74 views

Wing FTP Server <= 7.4.3 - Path Disclosure via Overlong UID Cookie

Wing FTP Server versions prior to 7.4.4 are vulnerable to an authenticated information disclosure vulnerability CVE-2025-47813. The vulnerability occurs due to improper validation of the 'UID' session cookie in the /loginok.html endpoint. Supplying an overlong UID value causes the server to respo...

10CVSS6.8AI score0.95343EPSS
Exploits24References2
Nuclei
Nuclei
added yesterday34 views

ICTBroadcast - Command Injection

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are know...

9.3CVSS7.3AI score0.0604EPSS
Exploits3References2
CVE
CVE
added 2 days ago14 views

CVE-2026-56308

Capgo before 12.128.2 contains an insufficient authentication flaw in the email-change endpoint: an attacker with a valid session cookie or authenticated browser can change the account email without re-authenticating the current password or verifying the existing mailbox. This can enable control ...

8.4CVSS6.1AI score0.00244EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-43230

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS6.1AI score0.00244EPSS
Exploits0References2
OSV
OSV
added 2 days ago3 views

CVE-2026-56308 Capgo - Insufficient Authentication in Email Change Endpoint

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS6.1AI score0.00244EPSS
Exploits0References4
NVD
NVD
added 4 days ago7 views

CVE-2026-38057

The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an...

8.1CVSS0.00308EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-38057 ST Engineering iDirect iQ-Series Terminals Cross-Site request forgery

The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an...

8.1CVSS0.00308EPSS
Exploits0References3
CVE
CVE
added 4 days ago11 views

CVE-2026-38057

The CVE-2026-38057 entry affects the iDirect iQ200 series. The issue is CSRF on state-changing API endpoints, specifically the /api/reboot POST endpoint, which accepts requests authenticated only by a session cookie that lacks the SameSite attribute. A remote attacker can lure an authenticated ad...

8.1CVSS6.1AI score0.00308EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/29 7:29 p.m.5 views

Sensitive Cookie Without "HttpOnly" Flag

Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via missing HttpOnly and Secure attributes on the pinpointJwt session cookie. An attacker can access session tokens by exploiting stored or reflected cross-site scripting to exfiltrate the cookie...

7.6CVSS5.9AI score0.00126EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/29 5:19 p.m.6 views

CVE-2026-57948 Pinpoint - Insecure Session Cookie Attributes in pinpointJwt

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...

7.6CVSS5.6AI score0.00126EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 5:19 p.m.16 views

CVE-2026-57948

Pinpoint (through version 3.1.0) has an insecure session management vulnerability where the pinpointJwt cookie lacks HttpOnly and Secure attributes. This allows JavaScript access via document.cookie and cleartext transmission over HTTP, enabling potential exfiltration of the session token via sto...

7.6CVSS5.6AI score0.00126EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.16 views

PT-2026-53666

Name of the Vulnerable Software and Affected Versions Pinpoint versions prior to 3.1.1 Description Insecure session management occurs because the pinpointJwt session cookie lacks HttpOnly and Secure attributes. This allows the cookie to be accessed via JavaScript through document.cookie and...

7.6CVSS5.8AI score0.00126EPSS
Exploits0References7
CVE
CVE
added 2026/06/26 1:11 a.m.10 views

CVE-2026-50744

Revive Adserver 6.0.7 is affected by a bypass of the admin‑only restriction in the XML‑RPC API. The ox.login method returned a session ID cookie in HTTP headers and, although it reported an error, the session was not invalidated, allowing a leaked session ID to be reused for subsequent API calls ...

4.3CVSS5.9AI score0.00173EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 10:11 p.m.10 views

Snipe-IT's selectlist visibility is too permissive

Impact The GET /api/v1/object/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web session cookie. No API token or elevated permissions are required. This...

7.1CVSS5.9AI score0.00385EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/20 6:27 p.m.21 views

CVE-2026-56347 AVideo TopMenu Plugin - Stored Cross-Site Scripting via Unescaped Menu Item Fields

AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site...

6.1CVSS0.00167EPSS
Exploits0References2
Talos
Talos
added 2026/06/15 12:0 a.m.10 views

GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the Web Interface functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability. Confirmed Vulnerable Versions The...

9.9CVSS5.6AI score0.00348EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/06/13 4:2 p.m.110 views

MeshCentral-RogueAgent

MeshCentral RogueAgent A proof-of-concept exploit chain for a...

5.5AI score
Exploits0
CVE
CVE
added 2026/06/11 7:4 p.m.25 views

CVE-2026-49973

CVE-2026-49973 affects Hermes WebUI prior to version 0.51.358. The issue is an improper access control in the settings API that allows unauthenticated remote attackers to hijack the initial setup by posting to the /api/settings endpoint using the _set_password parameter without origin restriction...

9.4CVSS5.7AI score0.00543EPSS
Exploits0References5
NVD
NVD
added 2026/06/11 2:16 p.m.12 views

CVE-2026-53661

Boruta is a standalone authorization server that aims to implement OAuth 2.0 and Openid Connect up to decentralized identity specifications. Prior to version 0.9.1, boruta session cookies and the identity “remember me” cookie were set without the Secure attribute. In deployments where users could...

8.8CVSS0.00259EPSS
Exploits0References3
Rows per page
Query Builder