Lucene search
K

247 matches found

NVD
NVD
added 2025/04/02 3:15 p.m.25 views

CVE-2024-25051

IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system...

7.2CVSS0.00354EPSS
Exploits0References1
CVE
CVE
added 2025/04/02 2:57 p.m.61 views

CVE-2024-25051

IBM Jazz Reporting Service (versions 7.0.2–7.0.3) does not invalidate the user session on logout, allowing an authenticated privileged user to impersonate another user. Root cause: insufficient session expiration/invalidat ion after logout. Impact: potential privilege escalation and unauthorized ...

7.2CVSS6.7AI score0.00354EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/21 12:0 a.m.7 views

CVE-2025-30342

An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderator Notes or Agenda Topics, an editor is shown that allows one to format the submitted text. This allows insertion of various HTML elements. When trying to insert a SCRIPT element, it is properly...

5.4CVSS6.1AI score0.00238EPSS
Exploits1References1
NVD
NVD
added 2025/03/13 5:15 p.m.34 views

CVE-2025-2079

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT JSON Web Token sessions...

8.7CVSS0.00362EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/03 3:3 p.m.49 views

CVE-2025-1801 Aap-gateway: aap-gateway privilege escalation

A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the...

8.1CVSS0.00302EPSS
Exploits0References3
NVD
NVD
added 2025/02/20 12:15 p.m.24 views

CVE-2024-49344

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout...

4.3CVSS0.00233EPSS
Exploits0References1
CVE
CVE
added 2025/02/11 10:28 a.m.48 views

CVE-2024-45386

The CVE-2024-45386 entry concerns Siemens SIMATIC PCS neo (v4.0, v4.1 < Update 2, v5.0 < Update 1), SIMOCODE ES v19 (< Update 1), SIRIUS Safety ES v19 (TIA Portal) (< Update 1), SIRIUS Soft Starter ES (TIA Portal) (< Update 1), and TIA Administrator (

8.8CVSS8.6AI score0.00536EPSS
Exploits0References1
CVE
CVE
added 2025/02/05 3:11 p.m.48 views

CVE-2024-42207

CVE-2024-42207 concerns HCL iAutomate and describes a session fixation vulnerability that could allow an attacker to hijack a victim’s session ID from an authenticated session. Multiple sources corroborate the issue but do not provide concrete patch details or affected versions. PT-Security notes...

6CVSS6.8AI score0.00266EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/04 10:12 p.m.17 views

CVE-2024-35220

@fastify/session is a session plugin for fastify. Requires the @fastify/cookie plugin. When restoring the cookie from the session store, the expires field is overriden if the maxAge field was set. This means a cookie is never correctly detected as expired and thus expired sessions are not...

7.4CVSS7.4AI score0.00445EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/08 12:0 a.m.5 views

Apache Airflow 代码问题漏洞

Apache Airflow is a set of open source platforms for creating, managing and monitoring workflows from the US Apache Apache Foundation. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow versions prior to 1.5.2 that stems from a...

8.1CVSS6.5AI score0.00936EPSS
Exploits0References3
CVE
CVE
added 2025/01/08 12:0 a.m.49 views

CVE-2024-55517

Summary (CVE-2024-55517) : Polaris FT Intellect Core Banking 9.5’s Interllect Core Search has a vulnerability where input passed via the groupType parameter in /SCGController is mishandled before being used in SQL queries, enabling SQL injection in an authenticated session. Affected component: In...

8.8CVSS7.8AI score0.0051EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/20 8:1 p.m.5 views

CVE-2024-56330 Session VNC may be accessed by other sessions on the same host in stardust

Stardust is a platform for streaming isolated desktop containers. With this exploit, inter container communication ICC is not disabled. This would allow users within a container to access another containers agent, therefore compromising access.The problem has been patched in any Stardust build pa...

9.3CVSS6.4AI score0.00471EPSS
Exploits0References1
NVD
NVD
added 2024/12/19 12:15 a.m.43 views

CVE-2024-55603

Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom session handler app/Core/Session/SessionHandler.php, to store the session data in a database...

6.5CVSS0.00502EPSS
Exploits1References8
Amazon
Amazon
added 2024/12/19 12:0 a.m.4 views

Medium: python-pip

Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...

5.6CVSS6.9AI score0.0034EPSS
Exploits0
OSV
OSV
added 2024/12/18 11:52 p.m.15 views

CVE-2024-55603 Insufficient session invalidation in Kanboard

Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom session handler app/Core/Session/SessionHandler.php, to store the session data in a database...

6.5CVSS6.7AI score0.00502EPSS
Exploits1References10
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.7 views

The vulnerability of the software used in Hitachi Energy’s equipment monitoring and control system, Hitachi Energy MicroSCADA X SYS600, allows a intruder to intercept an already established session.

The vulnerability of the software used in Hitachi Energy’s equipment monitoring and control system, MicroSCADA X SYS600, involves bypassing the authentication process. Exploiting this vulnerability allows a malicious actor to intercept an already established session...

8.2CVSS5.5AI score0.00217EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2024/11/21 9:30 a.m.6 views

requests: subsequent requests to the same host ignore cert verification

An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification...

5.6CVSS7.1AI score0.0034EPSS
Exploits0References5
OSV
OSV
added 2024/11/18 12:0 a.m.16 views

CVE-2024-52947

A cross-site scripting XSS vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page upgradeSession / forceUpgrade if the "Upgrade session" plugin has been enabled by an admin...

5.4CVSS5.8AI score0.00301EPSS
Exploits0References4
Veracode
Veracode
added 2024/11/06 12:46 p.m.11 views

Improper Session Termination

umbraco.cms is vulnerable to Improper Session Termination. The vulnerability is due to the server session not being fully terminated during an explicit sign-out, which could allow unauthorized access...

4.2CVSS6.7AI score0.00247EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/10/03 12:0 a.m.6 views

The vulnerability of the microprogrammed logic controller (PLC) Advantech ADAM-5630 software, related to the ability to send a cookie session file, allows a intruder to gain unauthorized access to protected information and enhance their privileges.

The vulnerability of the microprogrammed logic controller PLC Advantech ADAM-5630 software is related to the ability to send a cookie session file. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information and enhance their privileges...

8.3CVSS5.4AI score0.00391EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder