48540 matches found

Source: Cvelist | added 2026/06/23 7:40 p.m. | 29 views

CVE-2026-12112 Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

CVSS 7.8 | EPSS 0.00146
Exploits 0 | References 3

Source: CVE | added 2026/06/23 7:40 p.m. | 7 views

CVE-2026-12112

CVE-2026-12112 affects the foreman-mcp-server MCP Server. The issue is a session management vulnerability where an improper cache of authenticated client connections allows an unauthenticated attacker to hijack active administrative sessions by trusting a non-secret session ID without re-validati...

CVSS 7.8 | AI score 5.9 | EPSS 0.00146
Exploits 0 | References 4

Source: Vulnrichment | added 2026/06/23 7:40 p.m. | 5 views

CVE-2026-12112 Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

CVSS 7.8 | AI score 5.9 | EPSS 0.00146
Exploits 0 | References 3

Source: RedhatCVE | added 2026/06/23 7:40 p.m. | 6 views

CVE-2026-12112

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

CVSS 7.8 | AI score 5.8 | EPSS 0.00146
Exploits 0 | References 3

Source: Github Security Blog | added 2026/06/23 7:11 p.m. | 8 views

AVideo Meet plugin: anonymous-to-admin stored XSS via unescaped participant User-Agent in getMeetInfo.json.php Participants panel

Summary The Meet plugin stores the raw HTTP User-Agent header of every meeting participant and later renders it without output encoding in the meeting-management "Participants" panel that the meeting host and site administrators open. An anonymous, unauthenticated attacker can join any public...

AI score 6.2
Exploits 0 | References 2 | Affected Software 1

Source: NVD | added 2026/06/23 6:18 p.m. | 9 views

CVE-2026-53662

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...

CVSS 9.6 | EPSS 0.00235
Exploits 0 | References 2

Source: Cvelist | added 2026/06/23 5:36 p.m. | 35 views

CVE-2026-53662 immich: One-click account takeover via XSS in login page continue redirect

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...

CVSS 9.6 | EPSS 0.00235
Exploits 0 | References 2

Source: NVD | added 2026/06/23 5:17 p.m. | 10 views

CVE-2026-55423

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0...

CVSS 6.1 | EPSS 0.00152
Exploits 1 | References 3

Source: NVD | added 2026/06/23 5:16 p.m. | 4 views

CVE-2026-34917

Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain unauthorised access and exploit API‑level vulnerabilities. The session context web/API is now...

CVSS 4.3 | EPSS 0.0031
Exploits 1 | References 1

Source: Cvelist | added 2026/06/23 4:51 p.m. | 35 views

CVE-2026-54007 Open WebUI: Cross-origin postMessage confirmation bypass via action:submit

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows non-same-origin input:prompt and action:submit messages, so an external site can set prompt text and trigger submitPrompt in an authenticated victim...

CVSS 7.1 | EPSS 0.00162
Exploits 1 | References 1

Source: Cvelist | added 2026/06/23 4:27 p.m. | 36 views

CVE-2026-55423 Langflow: Logout button does not clear session

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0...

CVSS 6.1 | EPSS 0.00152
Exploits 1 | References 3

Source: CVE | added 2026/06/23 4:27 p.m. | 16 views

CVE-2026-55423

CVE-2026-55423 affects Langflow prior to version 1.7.0, where the /logout flow fails to clear session data. Root cause: the logout endpoint did not delete cookies with matching attributes (httponly/samesite/secure/domain), so tokens persisted in local storage and cookies even after logout. Conseq...

CVSS 6.1 | AI score 5.9 | EPSS 0.00152
Exploits 1 | References 3 | Affected Software 1

Source: NVD | added 2026/06/23 4:17 p.m. | 13 views

CVE-2026-56695

OpenHarness ohmo gateway /resume and /summary slash commands default remoteinvocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and...

CVSS 7.1 | EPSS 0.00231
Exploits 0 | References 3

Source: NVD | added 2026/06/23 4:17 p.m. | 9 views

CVE-2026-55767

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-padded variants. SetCookie::matchesDomain removes leading dots from the cookie domain, normalizing dot-only values to the empty string; SetCookie::valida...

CVSS 5.8 | EPSS 0.00111
Exploits 0 | References 1

Source: CVE | added 2026/06/23 4:14 p.m. | 15 views

CVE-2026-34917

CVE-2026-34917 affects Revive Adserver: low-privilege session IDs generated for the web admin console can be reused in the XML-RPC API, whose authentication is normally admin-restricted. This allowed scenario enables an attacker to gain unauthorized API access and potentially exploit API-level vu...

CVSS 4.3 | AI score 5.8 | EPSS 0.0031
Exploits 1 | References 1

Source: Cvelist | added 2026/06/23 4:14 p.m. | 31 views

CVE-2026-34917

Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain unauthorised access and exploit API‑level vulnerabilities. The session context web/API is now...

CVSS 4.3 | EPSS 0.0031
Exploits 1 | References 1

Source: EUVD | added 2026/06/23 4:14 p.m. | 4 views

EUVD-2026-38509

Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain unauthorised access and exploit API‑level vulnerabilities. The session context web/API is now...

CVSS 4.3 | AI score 5.8 | EPSS 0.0031
Exploits 1 | References 1

Source: CVE | added 2026/06/23 3:36 p.m. | 20 views

CVE-2026-54309

CVE-2026-54309 affects n8n when using the MCP Browser extension in HTTP transport mode. The MCP endpoint accepts unauthenticated session initialization and tool invocation requests, enabling network-reachable clients (or websites visited by the user) to establish an MCP session and invoke browser...

CVSS 10 | AI score 5.9 | EPSS 0.00403
Exploits 0 | References 1 | Affected Software 1

Source: Cvelist | added 2026/06/23 3:36 p.m. | 35 views

CVE-2026-56695 OpenHarness - Cross-Session Disclosure via /resume and /summary Commands

OpenHarness ohmo gateway /resume and /summary slash commands default remoteinvocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and...

CVSS 7.1 | EPSS 0.00231
Exploits 0 | References 3

Source: EUVD | added 2026/06/23 3:36 p.m. | 8 views

EUVD-2026-38467

OpenHarness ohmo gateway /resume and /summary slash commands default remoteinvocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and...

CVSS 7.1 | AI score 6.1 | EPSS 0.00231
Exploits 0 | References 3