472 matches found
CVE-2026-26721
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter...
CVE-2026-26721
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter...
OpenClaw's unsanitized session ID enables path traversal in transcript file operations
Description OpenClaw versions = 2026.2.12 Fix Fixed by validating session IDs rejecting path separators / traversal sequences and enforcing sessions-directory containment for session transcript file operations. Fix Commits - 4199f9889f0c307b77096a229b9e085b8d856c26 Additional Hardening -...
CVE-2025-59898
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...
CVE-2025-68140
EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...
CVE-2025-68140 EVerest allows null session ID to bypass session ID verification
EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...
PT-2026-3856
EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...
CVE-2026-22082
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and...
CVE-2023-4110
A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument sessionid leads to cross site scripting. The attack can be launched...
CVE-2023-4329
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute...
CVE-2025-47369
Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID...
CVE-2020-36925 Arteco Web Client DVR/NVR Session ID Brute Force Authentication Bypass
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...
PT-2026-1540
Name of the Vulnerable Software and Affected Versions affected versions not specified Description An information disclosure issue exists due to a weak hashed value being returned to userland code in response to an IOCTL call used to obtain a session ID. This could potentially allow unauthorized...
CVE-2025-53593
creationtimestamp| type| source ---|---|--- 2026-01-05 21:08:39+00:00| seen| Telegram/umqHpinr1hl9-kkuj6EDT8WXKqbQL0d3QnE4LiNIT5tUfcc...
CVE-2025-65561
An issue was discovered in function LocalNode.Sess in free5GC 4.1.0 allowing attackers to cause a denial of service or other unspecified impacts via crafted header Local SEID to the PFCP Session Modification Request...
CVE-2025-34412
...
CVE-2025-63529
A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID rather than generating...
D-Link DIR-816L Buffer Overflow Vulnerability
The DIR-816L is a wireless router device from D-Link. A stack-based buffer overflow vulnerability exists in the D-Link DIR-816L version 206b09beta, which stems from the genacgimain function in the gena.cgi file improperly handling the SERVERID/HTTPSID parameter. An attacker could use this...
EUVD-2025-197756
A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to...
CVE-2025-13189
A vulnerability has been found in D-Link DIR-816L 206b09beta. This affects the function genacgimain of the file gena.cgi. The manipulation of the argument SERVERID/HTTPSID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to th...