POS Codekop v2.0 - Broken Authentication

A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. id: CVE-2023-36347 info: name: POS Codekop v2.0 - Broken Authentication author: princechaddha severity: high description: | A broken authentication mechanism ...

Tenda AC1200 V-W15Ev2 - Authentication Bypass

The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The...

metasploit-cheatsheet

Metasploit Cheatsheet A practical reference for using Metaspl...

FTL 竞争条件问题漏洞

FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTL prior to 6.6.1 contained a race condition vulnerability, which stems from race conditions in the HTTP session management subsystem. This vulnerability could allow attackers to perform...

PT-2026-48561

Name of the Vulnerable Software and Affected Versions Pi-hole FTL versions prior to 6.6.1 Description A race condition exists in the HTTP session management subsystem of the embedded CivetWeb-based web server. This issue was introduced during the v6.0 rewrite of the server engine. Recommendations...

CVE-2026-24318

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

CVE-2026-1114

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens JWT. This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...

CVE-2026-20230

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

PT-2026-47041

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An improper session termination issue exists where authentication tokens remain valid after a user logs out. This allows an attacker who possesses a valid token to maintain persistent access to...

CVE-2026-20230

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

EUVD-2026-34137

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

ROS-20260529-73-0015

The vulnerability in openbao is related to improper session management. Exploiting this vulnerability can allow a remote attacker to intercept a user’s session...

CVE-2026-44321 free5GC: SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into...

Atlassian Confluence 9.1.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103709)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103709 advisory. - This BASM Broken Authentication & Session Management vulnerability allows an unauthenticated attacker to perform actions as another user which ha...

[SECURITY] Fedora 43 Update: perl-Apache-Session-Browseable-1.3.19-1.fc43

A virtual Apache::Session back-end providing some class methods to manipulate all sessions and add the capability to index some fields to make re-search faster...

GO-2026-4991 Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change in github.com/daptin/daptin

Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change in github.com/daptin/daptin...

PT-2026-42376

Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change in github.com/daptin/daptin...

CVE-2026-22706

Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, changing or resetting a user's password did not invalidate the user's existing refresh-token sessions by default. The refresh-token invalidation step in the users-permissions and admin authentication...

CVE-2026-4827

CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections...

CVE-2026-44873

A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with...