Lucene search
K

39 matches found

OSV
OSV
added 2026/03/17 6:37 p.m.4 views

GHSA-5V7G-9H8F-8PGG Parse Server session creation endpoint allows overwriting server-generated session fields

Impact An authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST /classes/Session. This allows bypassing the server's session expiration policy by setting an arbitrary far-future expiration date. It also allows...

4.3CVSS5.9AI score0.00306EPSS
Exploits0References5
OSV
OSV
added 2026/03/10 5:30 p.m.3 views

CVE-2026-30970 Session authentication bypass in Coral Server session creation endpoint

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent sessions through the /api/v1/sessions endpoint without strong authentication. This endpoint perform...

8.8CVSS5.8AI score0.00319EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.6 views

PT-2026-24341

Name of the Vulnerable Software and Affected Versions Coral Server versions prior to 1.1.0 Description Coral Server is an open collaboration infrastructure designed for communication, coordination, trust, and payments within The Internet of Agents. Before version 1.1.0, the software permitted the...

9.1CVSS5.8AI score0.00319EPSS
Exploits0References6
NVD
NVD
added 2026/03/02 4:16 p.m.4 views

CVE-2025-52563

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability due to insufficient sanitization of the page parameter in the session/adduserstosession.php endpoint. This issue has been patched in version 1.11.30...

6.1CVSS0.00155EPSS
Exploits0References2
CVE
CVE
added 2026/03/02 3:50 p.m.16 views

CVE-2025-52563

Chamilo (LMS) is affected by a reflected XSS vulnerability in the session/add_users_to_session.php endpoint caused by insufficient sanitization of the page parameter. The issue exists before version 1.11.30 and is patched in v1.11.30. Evidence across sources (CVE-2025-52563) confirms the vulnerab...

6.1CVSS5.7AI score0.00155EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/02 3:50 p.m.4 views

CVE-2025-52563 Chamilo: Reflected XSS via page parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability due to insufficient sanitization of the page parameter in the session/adduserstosession.php endpoint. This issue has been patched in version 1.11.30...

5.1CVSS5.7AI score0.00155EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/02 3:50 p.m.8 views

EUVD-2025-208178

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability due to insufficient sanitization of the page parameter in the session/adduserstosession.php endpoint. This issue has been patched in version 1.11.30...

5.1CVSS5.7AI score0.00155EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/24 1:21 p.m.4 views

EUVD-2025-208088

Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/sessionajax.php endpoint. This issue was fixed in version 1.24.0190 Slican NCP and 6.61.0010 Slica...

9.3CVSS6AI score0.00389EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/18 7:46 p.m.2 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the session establishment handler process. An attacker can cause the process to panic and terminate by sending a PFCP Session Establishment Request that omits the mandatory F-SEID CPF-SEID Information Element...

8.7CVSS5.6AI score0.00347EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.4 views

PT-2025-52284

Name of the Vulnerable Software and Affected Versions free5GC version 4.1.0 Description An issue exists in the LocalNode.Sess function that could allow attackers to cause a denial of service or other unspecified impacts. This can occur through a crafted header, specifically the Local SEID, within...

7.5CVSS6.7AI score0.00369EPSS
Exploits1References4
OSV
OSV
added 2025/12/18 12:0 a.m.5 views

CVE-2025-65562

The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthenticated remote attacker can send a request with a very large SEID e.g., 0xFFFFFFFFFFFFFFFF that causes an integer conversion/underflow in LocalNode.DeleteSess /...

7.5CVSS7.1AI score0.0049EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/18 12:0 a.m.3 views

CVE-2025-65561

An issue was discovered in function LocalNode.Sess in free5GC 4.1.0 allowing attackers to cause a denial of service or other unspecified impacts via crafted header Local SEID to the PFCP Session Modification Request...

6.5AI score0.00369EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6203

Malicious code in bioql PyPI...

5.1CVSS6.6AI score0.00251EPSS
Exploits1References3
OSV
OSV
added 2025/03/06 3:15 p.m.4 views

CVE-2025-25450

An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the deactivation of the activated second factor to the /session endpoint...

5.1CVSS5.8AI score0.00251EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/06 12:0 a.m.5 views

MyTaag 安全漏洞

MyTaag is a digital business card platform from MyTaag, Inc. designed to help users create, manage and share their professional identities online. A security vulnerability exists in MyTaag v.2024-11-24 and prior versions, which stems from a second factor activated via the /session endpoint...

5.1CVSS6.7AI score0.00251EPSS
Exploits1References1
OSV
OSV
added 2021/08/31 9:15 p.m.6 views

CVE-2021-22029

VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting...

7.5CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2021/08/19 12:0 a.m.6 views

Vmware Workspace One 安全漏洞

Vmware Vmware Workspace One is a platform for supporting cross-device applications for rapid delivery and management of applications from Vmware, USA. The platform, which includes VMware Horizon and VMware Horizon Cloud, integrates access control, application management, and multi-platform endpoi...

7.5CVSS7.6AI score0.00961EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/04/08 12:0 a.m.3 views

PT-2020-12695 · Intuit · Argo

Name of the Vulnerable Software and Affected Versions: Argo version v1.5.0 Description: The issue allowed attackers to determine the usernames of valid non-SSO accounts. This was possible because the /api/v1/session endpoint returned a 401 status code for an existing username and a 404 status cod...

5.3CVSS7AI score0.01924EPSS
Exploits0References10
Hacker One
Hacker One
added 2016/09/30 11:42 p.m.25 views

RubyGems: Login credentials transmitted in cleartext on index.rubygems.org

If someone links their target to http://index.rubygems.org then if they click "sign in" their credentials are transmitted plaintext as there is no https redirect or enforcing of https on the login form. Step 1: Link to http://index.rubuygems.org Step 2: sniff traffic open wifi / proxy / etc See t...

Exploits0
Rows per page
Query Builder