Lucene search
K

3965 matches found

CVE
CVE
added 2026/06/22 12:25 p.m.15 views

CVE-2026-56425

CVE-2026-56425 affects the AAD authentication plugin for MISP (OAuth 2.0). The vulnerability stems from using session_id() as the OAuth state parameter, lack of session rotation after login, no dedicated nonce for the state, and not enforcing HTTPS for the redirect URI. Additional issue: OAuth er...

9.3CVSS5.9AI score0.00258EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/22 10:16 a.m.13 views

CVE-2026-12581

EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privilege once the user logs in...

7.7CVSS0.00299EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:30 a.m.38 views

CVE-2026-12581 Digiwin|EasyFlow .NET - Session Fixation

EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privilege once the user logs in...

7.7CVSS0.00299EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 9:30 a.m.8 views

EUVD-2026-38223

EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privilege once the user logs in...

7.7CVSS5.9AI score0.00299EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:30 a.m.27 views

CVE-2026-12581

CVE-2026-12581 affects EasyFlow .NET (Digiwin). A session-fixation vulnerability allows unauthenticated remote attackers to replace a specific session ID for a user; once the user logs in, the attacker can gain the user’s privilege. Exploitation details are not provided in the available documents...

7.7CVSS5.9AI score0.00299EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:30 a.m.10 views

CVE-2026-12581

EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privilege once the user logs in...

7.7CVSS5.9AI score0.00299EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 2:37 p.m.32 views

GHSA-CWXW-98QJ-8QJX guzzlehttp/guzzle: Dot-Only Cookie Domains Match All Hosts

Impact CookieJar incorrectly accepts cookies with a dot-only Domain attribute, such as Domain=., Domain=.., Domain=..., and whitespace-padded variants such as Domain= . . In affected versions, SetCookie::matchesDomain removes leading dots from the cookie domain, normalizing dot-only values to the...

5.8CVSS5.9AI score0.00111EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 2:37 p.m.9 views

guzzlehttp/guzzle: Dot-Only Cookie Domains Match All Hosts

Impact CookieJar incorrectly accepts cookies with a dot-only Domain attribute, such as Domain=., Domain=.., Domain=..., and whitespace-padded variants such as Domain= . . In affected versions, SetCookie::matchesDomain removes leading dots from the cookie domain, normalizing dot-only values to the...

5.8CVSS5.9AI score0.00111EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/17 11:9 p.m.8 views

CVE-2026-9679

A flaw was found in undici. The cookie parser in the parseSetCookie function incorrectly decodes cookie values, which is contrary to standard specifications. This vulnerability allows an attacker-controlled upstream to inject arbitrary HTTP response headers, such as Set-Cookie, Location, or...

5.9CVSS5AI score0.00257EPSS
Exploits0References5
NVD
NVD
added 2026/06/17 6:18 p.m.18 views

CVE-2026-9679

Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...

5.9CVSS0.00257EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 1:16 p.m.13 views

CVE-2026-9507

A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier OSTSESSID active after a successful login. The issue lies in the fact that the application does not invalidate the...

5.1CVSS0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 11:47 a.m.16 views

EUVD-2026-37079

A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier OSTSESSID active after a successful login. The issue lies in the fact that the application does not invalidate the...

5.1CVSS5.2AI score0.00403EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 11:47 a.m.41 views

CVE-2026-9507 Session fixation vulnerability in Enhancesoft's osTicket

A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier OSTSESSID active after a successful login. The issue lies in the fact that the application does not invalidate the...

5.1CVSS0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 11:47 a.m.17 views

CVE-2026-9507

CVE-2026-9507 affects osTicket v1.18.2. A session fixation flaw arises because the application does not invalidate the pre-authentication cookie or generate a new identifier for the authenticated context (OSTSESSID). As a result, an attacker could set a known session ID in the victim’s browser an...

5.1CVSS5.2AI score0.00403EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 9:16 a.m.14 views

CVE-2009-10007

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

9.1CVSS0.00369EPSS
Exploits0References5
OSV
OSV
added 2026/06/09 9:16 a.m.10 views

UBUNTU-CVE-2009-10007

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

9.1CVSS5.5AI score0.00369EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/09 7:34 a.m.15 views

EUVD-2009-5128

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

9.1CVSS5.5AI score0.00369EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 7:34 a.m.10 views

CVE-2009-10007 Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

5.5AI score0.00369EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/09 7:34 a.m.41 views

CVE-2009-10007 Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

0.00369EPSS
Exploits0References4
CVE
CVE
added 2026/06/09 7:34 a.m.25 views

CVE-2009-10007

CVE-2009-10007 affects Catalyst::Plugin::Authentication for Perl prior to 0.10_027. The vulnerability arises because the plugin does not automatically change the session id after authentication, enabling session fixation where an attacker with a valid session cookie can impersonate the victim. Do...

9.1CVSS5.5AI score0.00369EPSS
Exploits0References5
Rows per page
Query Builder