Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/03/09 8:18 a.m.36 views

CVE-2025-41772 wwwupdate.cgi Session token in URL

An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR...

7.5CVSS0.00318EPSS
Exploits0References1
CVE
CVE
added 2026/03/09 8:18 a.m.14 views

CVE-2025-41772

The CVE-2025-41772 entry concerns the wwwupdate.cgi endpoint in UBR, where session tokens are exposed in plaintext in URL parameters. An unauthenticated remote attacker can obtain valid session tokens via the URL, enabling potential session hijacking. The connected CVE records confirm the vulnera...

7.5CVSS5.8AI score0.00318EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.6 views

PT-2026-24038

Name of the Vulnerable Software and Affected Versions UBR affected versions not specified Description An unauthenticated remote attacker can obtain valid session tokens. These tokens are exposed in plaintext within the URL parameters of the ''wwwupdate.cgi'' endpoint. The issue involves the...

7.5CVSS5.8AI score0.00318EPSS
Exploits0References7
OSV
OSV
added 2025/11/20 3:30 p.m.5 views

GHSA-62VX-HPCR-M9CH @perfood/couch-auth may expose session tokens, passwords

Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access...

8.7CVSS6.7AI score0.00186EPSS
Exploits0References4
Snyk
Snyk
added 2025/09/06 4:0 a.m.4 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

8.6CVSS7.1AI score0.00349EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/05/27 12:0 a.m.3 views

TARGIT Decision Suite 安全漏洞

TARGIT Decision Suite is a BI and analytics tool from TARGIT that helps companies integrate, visualize and share data better and faster than ever before. A security vulnerability exists in TARGIT Decision Suite versions prior to 23.2.15007.0 that stems from the fact that session tokens are part o...

7.5CVSS6.7AI score0.00289EPSS
Exploits0References3
OSV
OSV
added 2022/09/16 4:15 p.m.19 views

CVE-2021-42948

HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's...

3.7CVSS7AI score0.0067EPSS
Exploits0References3
Rows per page
Query Builder