Lucene search
K

472 matches found

Cvelist
Cvelist
•added 2026/02/20 12:0 a.m.•25 views

CVE-2026-26721

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter...

0.00262EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
•added 2026/02/20 12:0 a.m.•5 views

CVE-2026-26721

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter...

5.5AI score0.00262EPSS
Exploits1References2
Github Security Blog
Github Security Blog
•added 2026/02/18 12:57 a.m.•22 views

OpenClaw's unsanitized session ID enables path traversal in transcript file operations

Description OpenClaw versions = 2026.2.12 Fix Fixed by validating session IDs rejecting path separators / traversal sequences and enforcing sessions-directory containment for session transcript file operations. Fix Commits - 4199f9889f0c307b77096a229b9e085b8d856c26 Additional Hardening -...

8.4CVSS5.5AI score0.00136EPSS
Exploits0References7Affected Software1
NVD
NVD
•added 2026/01/28 12:15 p.m.•5 views

CVE-2025-59898

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.4CVSS0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/01/22 8:22 p.m.•4 views

CVE-2025-68140

EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...

4.3CVSS5.4AI score0.00136EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/01/21 7:54 p.m.•3 views

CVE-2025-68140 EVerest allows null session ID to bypass session ID verification

EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...

4.3CVSS5.4AI score0.00136EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/01/21 12:0 a.m.•10 views

PT-2026-3856

EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...

4.3CVSS5.4AI score0.00136EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/01/13 10:52 p.m.•4 views

CVE-2026-22082

This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and...

8.8CVSS6.7AI score0.00451EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/01/09 12:32 p.m.•11 views

CVE-2023-4110

A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument sessionid leads to cross site scripting. The attack can be launched...

6.1CVSS6.1AI score0.01766EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2026/01/09 12:32 p.m.•5 views

CVE-2023-4329

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute...

9.8CVSS6.9AI score0.00588EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/01/08 3:14 a.m.•6 views

CVE-2025-47369

Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID...

5.5CVSS6.8AI score0.00069EPSS
Exploits2References1
Cvelist
Cvelist
•added 2026/01/06 3:52 p.m.•27 views

CVE-2020-36925 Arteco Web Client DVR/NVR Session ID Brute Force Authentication Bypass

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...

9.8CVSS0.00595EPSS
Exploits1References8
Positive Technologies
Positive Technologies
•added 2026/01/06 12:0 a.m.•7 views

PT-2026-1540

Name of the Vulnerable Software and Affected Versions affected versions not specified Description An information disclosure issue exists due to a weak hashed value being returned to userland code in response to an IOCTL call used to obtain a session ID. This could potentially allow unauthorized...

5.5CVSS6.1AI score0.00069EPSS
Exploits2References5
Circl
Circl
•added 2026/01/05 9:8 p.m.•5 views

CVE-2025-53593

creationtimestamp| type| source ---|---|--- 2026-01-05 21:08:39+00:00| seen| Telegram/umqHpinr1hl9-kkuj6EDT8WXKqbQL0d3QnE4LiNIT5tUfcc...

6.5CVSS4.8AI score0.00304EPSS
Exploits0
Cvelist
Cvelist
•added 2025/12/18 12:0 a.m.•18 views

CVE-2025-65561

An issue was discovered in function LocalNode.Sess in free5GC 4.1.0 allowing attackers to cause a denial of service or other unspecified impacts via crafted header Local SEID to the PFCP Session Modification Request...

0.00369EPSS
Exploits1References2
Cvelist
Cvelist
•added 2025/12/15 2:44 p.m.•26 views

CVE-2025-34412

...

0.00075EPSS
Exploits0
Cvelist
Cvelist
•added 2025/12/01 12:0 a.m.•9 views

CVE-2025-63529

A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID rather than generating...

6.1CVSS0.00328EPSS
Exploits1References3
CNVD
CNVD
•added 2025/11/18 12:0 a.m.•2 views

D-Link DIR-816L Buffer Overflow Vulnerability

The DIR-816L is a wireless router device from D-Link. A stack-based buffer overflow vulnerability exists in the D-Link DIR-816L version 206b09beta, which stems from the genacgimain function in the gena.cgi file improperly handling the SERVERID/HTTPSID parameter. An attacker could use this...

9.8CVSS8.2AI score0.00823EPSS
Exploits1References1
EUVD
EUVD
•added 2025/11/17 4:2 a.m.•6 views

EUVD-2025-197756

A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to...

7.5CVSS6.4AI score0.00525EPSS
Exploits1References6
NVD
NVD
•added 2025/11/15 6:15 a.m.•6 views

CVE-2025-13189

A vulnerability has been found in D-Link DIR-816L 206b09beta. This affects the function genacgimain of the file gena.cgi. The manipulation of the argument SERVERID/HTTPSID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to th...

9.8CVSS0.00823EPSS
Exploits1References5
Rows per page
Query Builder