Lucene search
K

174 matches found

Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-28564 Apache IoTDB: REST Basic Authentication Accepts Stale Cached Credentials

Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...

0.00367EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 2:34 p.m.3 views

PYSEC-2026-1147 Apache Airflow Fab Provider Insufficient Session Expiration vulnerability

Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged...

2.1CVSS5.9AI score0.00936EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 8:0 a.m.34 views

CVE-2026-14725 SourceCodester Online Boat Reservation System session expiration

A vulnerability was identified in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality. Such manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.5CVSS0.00209EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 8:0 a.m.10 views

CVE-2026-14725

A vulnerability was identified in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality. Such manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.5CVSS6.3AI score0.00209EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/23 3:36 a.m.12 views

CVE-2026-12796

A flaw was found in BerriAI litellm. A remote attacker could exploit a vulnerability in the getredirectresponsefromopenid function within the SSO Authentication Flow component. This manipulation leads to session expiration, potentially causing a denial of service for authenticated users. Mitigati...

6.5CVSS5.6AI score0.00358EPSS
Exploits1References8
OSV
OSV
added 2026/06/21 2:0 a.m.4 views

CVE-2026-12772 BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

5.3CVSS6.1AI score0.00262EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/15 8:36 a.m.13 views

EUVD-2026-36702

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS5.3AI score0.00284EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

SillyTavern 安全漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of cookie-session for authentication. The password update endpoint only updated the password...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/04 8:50 p.m.9 views

CI4MS has a Deactivated User Session Bypass (active=0)

Summary The auth filter has the deactivated/banned user check commented out. Details CodeIgniter Shield's loggedIn re-checks the status field catching status='banned', but does not re-check the active field for existing sessions. When an admin deactivates a user active=0 after they have already...

5.3CVSS5.9AI score0.00269EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/22 3:31 p.m.5 views

EUVD-2026-24831

In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on binding failure When a multichannel session binding request fails e.g. wrong password, the error path unconditionally sets sess-state = SMB2SESSIONEXPIRED. However, during binding, sess points to t...

5.6AI score0.00499EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the unconditional expiration of sessions when binding fails. This could allow remote attackers to...

8.2CVSS7.2AI score0.00499EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-31476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: do not expire session on binding failure When a multichannel session binding request fails e.g. wrong password, the error path unconditionally sets...

8.2CVSS7.2AI score0.00499EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 5:11 p.m.4 views

CVE-2026-40587 blueprintUE: Active Sessions Are Not Invalidated After Password Change or Reset

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their password via the profile edit page, or when a password reset is completed via the reset link, neither operation invalidates existing authenticated sessions for that user. A server-side session store...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References1
OSV
OSV
added 2026/04/06 2:49 p.m.2 views

BIT-PARSE-2026-34574 Parse Server: Session field immutability bypass via falsy-value guard

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session upda...

5.4CVSS5.8AI score0.0021EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/01 5:4 p.m.9 views

CVE-2026-34574

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.4CVSS5.7AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 12:3 a.m.4 views

EUVD-2026-17502

Parse Server has a session field immutability bypass via falsy-value guard...

5.3CVSS5.9AI score0.0021EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/31 3:8 p.m.6 views

CVE-2026-34574 Parse Server: Session field immutability bypass via falsy-value guard

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.3CVSS5.7AI score0.0021EPSS
Exploits0References5
OSV
OSV
added 2026/03/31 3:8 p.m.4 views

CVE-2026-34574 Parse Server: Session field immutability bypass via falsy-value guard

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.3CVSS5.8AI score0.0021EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.10 views

PT-2026-29278

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.69 and 9.7.0-alpha.14 Description An authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session update endpoint. This...

5.4CVSS5.9AI score0.0021EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.6 views

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2026-1473)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1473 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

10CVSS7.2AI score0.01945EPSS
Exploits2References10
Rows per page
Query Builder