309 matches found

Packet Storm
added 2020/12/04 12:00 a.m. · 870 views

VestaCP 0.9.8-26 Session Validation

Document Title: VestaCP v0.9.8-26 - Session Validation Web Vulnerability · References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2238 · Release Date: 2020-11-25 · Vulnerability Laboratory ID (VL-ID): ...

7.4 AI score
Exploits: 0
CVE
added 2020/11/30 3:30 p.m. · 45 views

CVE-2020-4696

CVE-2020-4696 affects IBM Cloud Pak for Security (CP4S) version 1.3.0.1. The root cause is that the session is not invalidated after logout, which could allow an authenticated user to obtain sensitive information from the previous session. Affected software: CP4S 1.3.0.1. Impact described in sour...

5.3 CVSS · 4.2 AI score · 0.00741 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Vulnerability Lab
added 2020/11/25 12:00 a.m. · 35 views

VestaCP v0.9.8-26 - Session Validation Web Vulnerability

Document Title: VestaCP v0.9.8-26 - Session Validation Web Vulnerability · References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2238 · Release Date: 2020-11-25 · Vulnerability Laboratory ID (VL-ID): ...

7.1 AI score
Exploits: 0
CNNVD
added 2020/11/19 12:00 a.m. · 2 views

TSMManager Collector Information Disclosure Vulnerability

Tsmmanager TSMManager Collector is a software that enables monitoring, management, operation, and control of Distributed Storage Managers, Tivoli Storage Managers, and Disk Storage Managers from TSMManager Tsmmanager, USA. An information disclosure vulnerability exists in JamoDat TSMManager...

7.5 CVSS · 7.1 AI score · 0.01952 EPSS
Exploits: 0 · References: 3
CNNVD
added 2020/11/17 12:00 a.m. · 3 views

Aviatrix Systems Controller Cryptographic Issue Vulnerability

Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. An improper access control vulnerability exists in Aviatrix Controller versions prior to R6.0.2483. The vulnerability stems from the fact that multiple executables...

7.5 CVSS · 7.2 AI score · 0.01163 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2020/10/22 12:00 a.m. · 5 views

PT-2020-14328 · Parse · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions 4.3.0 Description: The issue allows clients with expired sessions to still receive subscription objects because Parse Server broadcasts events to all clients without checking if the session token is valid. It is not...

4.3 CVSS · 4.4 AI score · 0.01151 EPSS
Exploits: 0 · References: 9
OSV
added 2020/06/15 2:15 p.m. · 1 view

CVE-2020-4494

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 Linux and Windows, 8.1.9.0 through 8.1.9.1 AIX and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 Linux, 8.1.9.0 through 8.1.9.1 AIX web user interfaces could allow an attacker to bypass authentication due to improper session...

7.5 CVSS · 7.1 AI score · 0.02229 EPSS
Exploits: 0 · References: 2
Prion
added 2020/06/15 2:15 p.m. · 16 views

Authentication flaw

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 Linux and Windows, 8.1.9.0 through 8.1.9.1 AIX and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 Linux, 8.1.9.0 through 8.1.9.1 AIX web user interfaces could allow an attacker to bypass authentication due to improper session...

5 CVSS · 7.4 AI score · 0.02229 EPSS
Exploits: 0 · References: 2 · Affected Software: 2
CVE
added 2020/06/15 1:25 p.m. · 37 views

CVE-2020-4494

CVE-2020-4494 affects IBM Spectrum Protect Client (Linux/Windows) versions 8.1.7.0–8.1.9.1 and Spectrum Protect for Space Management (Linux) 8.1.7.0–8.1.9.1, with web UIs that could bypass authentication due to improper session validation, potentially granting access to unauthorized resources. IB...

7.5 CVSS · 7.4 AI score · 0.02229 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
0day.today
added 2020/04/24 12:00 a.m. · 54 views

QRadar Community Edition 7.3.1.6 Path Traversal Vulnerability

QRadar Community Edition version 7.3.1.6 has a path traversal that exists in the session validation functionality. In particular, the vulnerability is present in the part that handles session tokens UUIDs. QRadar fails to validate if the user-supplied token is in the correct format. Using path...

0.5 AI score
Exploits: 0
Packet Storm
added 2020/04/17 12:00 a.m. · 118 views

SMACom 1.2.0 Insecure Transit / Password Disclosure

Document Title: SMACom v1.2.0 - Insecure Session Validation Vulnerability · References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2211 · Release Date: 2020-04-16 · Vulnerability Laboratory ID (VL-ID): ...

7.4 AI score
Exploits: 0
Vulnerability Lab
added 2020/04/15 12:00 a.m. · 34 views

SMACom v1.2.0 - Insecure Session Validation Vulnerability

Document Title: SMACom v1.2.0 - Insecure Session Validation Vulnerability · References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2211 · Release Date: 2020-04-15 · Vulnerability Laboratory ID (VL-ID): ...

7.4 AI score
Exploits: 0
IBM Security Bulletins
added 2020/04/14 11:37 a.m. · 14 views

Security Bulletin: A vulnerability in IBM Websphere Application Server affects the IBM Performance Management product (CVE-2019-4304)

Summary A vulnerability in IBM Websphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM Performance Management has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-4304 DESCRIPTION: IBM...

6.5 CVSS · 1 AI score · 0.0114 EPSS
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2020/03/25 7:54 a.m. · 33 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2019-4304)

Summary IBM WebSphere Application Server Liberty is shipped as a component of IBM Tivoli Netcool Impact. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details CVEID: CVE-2019-4304 DESCRIPTION:...

6.5 CVSS · 0.5 AI score · 0.0149 EPSS
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2020/03/19 6:48 p.m. · 21 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4304)

Summary IBM Cloud Transformation Advisor has addressed the following vulnerability. CVE-2019-4304 Vulnerability Details CVEID: CVE-2019-4304 DESCRIPTION: IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation...

6.5 CVSS · 1.4 AI score · 0.0114 EPSS
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2020/03/18 2:38 p.m. · 33 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments

Summary Security vulnerabilities in WebSphere Application Server Liberty, such as spoofing, obtaining sensitive information, and bypassing security restrictions, affect IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Prote...

6.5 CVSS · 1 AI score · 0.018 EPSS
Exploits: 1 · Affected Software: 3
OSV
added 2020/02/17 3:15 a.m. · 2 views

CVE-2020-9034

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users...

7.5 CVSS · 7.1 AI score
Exploits: 0 · References: 1
NVD
added 2020/02/17 3:15 a.m. · 16 views

CVE-2020-9034

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users...

7.5 CVSS · 7.7 AI score · 0.00911 EPSS
Exploits: 1 · References: 1
Prion
added 2020/02/17 3:15 a.m. · 14 views

Input validation

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users...

5 CVSS · 7.7 AI score · 0.00911 EPSS
Exploits: 1 · References: 1 · Affected Software: 5
CVE
added 2020/02/17 3:00 a.m. · 105 views

CVE-2020-9034

The CVE-2020-9034 entry affects Symmetricom SyncServer models S100 (2.90.70.3), S200 (1.30), S250 (1.25), S300 (2.65.0), and S350 (2.80.1). The vulnerability stems from mishandled session validation, allowing unauthenticated creation, modification, or deletion of user accounts. Documents consiste...

7.5 CVSS · 7.6 AI score · 0.00911 EPSS
Exploits: 1 · References: 1 · Affected Software: 1