Lucene search
K

246 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-0044

Malicious code in bioql PyPI...

6.4CVSS5.6AI score0.00674EPSS
Exploits1References12
CNNVD
CNNVD
added 2025/09/20 12:0 a.m.4 views

Starch 安全漏洞

Starch is an HTTP session library by the individual developer Aran Clary. A security vulnerability exists in Starch 0.14 and earlier versions, which stems from insecure session ID generation and could lead to a session hijacking attack...

9.1CVSS6.5AI score0.00336EPSS
Exploits0References4
OSV
OSV
added 2025/09/08 9:12 p.m.15 views

CVE-2025-57766 Fides's Admin UI User Password Change Does Not Invalidate Current Session

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors such as XSS ca...

6.3CVSS6.6AI score0.00275EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.14 views

PT-2025-36507

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1 Description: Fides is an open-source privacy engineering platform. Admin UI user password changes do not invalidate active user sessions prior to version 2.69.1, creating a vulnerability chaining opportunity...

6.3CVSS5.8AI score0.00275EPSS
Exploits1References14
Vulnrichment
Vulnrichment
added 2025/07/24 2:52 p.m.4 views

CVE-2025-36005 IBM MQ Operator information disclosure

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the...

5.9CVSS5.9AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/23 12:0 a.m.24 views

CVE-2025-48700

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting XSS vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...

0.01761EPSS
Exploits0References3
Veracode
Veracode
added 2025/06/20 10:27 a.m.7 views

Improper Access Control

github.com/ubuntu/authd is vulnerable to Improper Access Control. The vulnerability is due to flawed temporary user record handling due to a defect in pre-auth NSS where first-time logins are mistakenly treated as part of the root group during the SSH session...

8.5CVSS8.3AI score0.00255EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/06/16 3:32 p.m.5 views

GHSA-MF3R-6M25-3867 Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session

SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to...

8.7CVSS7.2AI score0.00476EPSS
Exploits0References6
NVD
NVD
added 2025/06/16 12:15 p.m.12 views

CVE-2025-5689

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...

8.5CVSS0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.5 views

PT-2025-24597 · Sap · Sap Master Data Management Server

Name of the Vulnerable Software and Affected Versions: SAP Master Data Management Server affected versions not specified Description: The issue allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate. This gives the ability to...

5.6CVSS6.6AI score0.00208EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/06/06 1:10 p.m.13 views

CVE-2025-0620 Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again...

4.9CVSS6.7AI score0.00595EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/01 12:0 a.m.5 views

IBM Planning Analytics Local 代码问题漏洞

IBM Planning Analytics Local is a web-based local architecture from International Business Machines IBM. A code issue vulnerability exists in IBM Planning Analytics Local versions 2.0 and 2.1, which stems from a failure to disable a session after logging out, and can be exploited by an attacker t...

8.8CVSS6.6AI score0.00212EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/26 3:10 p.m.11 views

CVE-2025-46802 Temporary chown() of users' TTY to mode 0666 allows PTY hijacking in screen

For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session...

6CVSS6.7AI score0.0019EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.5 views

CVE-2024-55603

Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom session handler app/Core/Session/SessionHandler.php, to store the session data in a database...

6.5CVSS6.4AI score0.00492EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:14 a.m.6 views

CVE-2023-40695

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938...

8.8CVSS6.2AI score0.00351EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:51 a.m.14 views

CVE-2023-33005

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login...

5.4CVSS6.8AI score0.00431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:43 a.m.12 views

CVE-2022-22371

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195...

6.5CVSS6.3AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:8 a.m.7 views

CVE-2022-25778

Cross-Site Request Forgery CSRF vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session...

8.8CVSS7AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:53 p.m.6 views

CVE-2021-35214

The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the us...

4.8CVSS7AI score0.01768EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:19 p.m.8 views

CVE-2020-14017

An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the...

7.5CVSS6.5AI score0.01165EPSS
Exploits1
Rows per page
Query Builder