Lucene search

1014 matches found

Source: EUVD | added 2026/03/23 9:30 p.m.
EUVD-2026-14547

Race condition in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server, leading to user session mixup...

CVSS 7.7 | AI score 5.8 | EPSS 0.03618
Exploits: 0 | References: 2

Source: NVD | added 2026/03/23 9:17 p.m.
CVE-2026-4368

Race condition in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server, leading to user session mixup...

CVSS 7.7 | EPSS 0.03618
Exploits: 0 | References: 1

Source: Vulnrichment | added 2026/03/23 8:09 p.m.
CVE-2026-4368 Race Condition leading to User Session Mixup

Race condition in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server, leading to user session mixup...

CVSS 7.7 | AI score 5.8 | EPSS 0.03618
Exploits: 0 | References: 1

Source: Vulnrichment | added 2026/03/18 11:08 a.m.
CVE-2025-41258 LibreChat RAG API Authentication Bypass

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and the RAG API, which compromises the service-level authentication of the RAG API...

CVSS 8 | AI score 5.8 | EPSS 0.00344
Exploits: 1 | References: 2

Source: Snyk | added 2026/03/11 10:40 p.m.
Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the upload of a .prologue.html file when a crafted URL is accessed. An attacker can execute arbitrary JavaScript in the context of another user's session by uploading a malicious .prologue.html file and tricki...

CVSS 4.4 | AI score 5.7 | EPSS 0.00162
Exploits: 0 | References: 2

Source: OSV | added 2026/03/06 6:48 p.m.
GHSA-WVHQ-WP8G-C7VQ Flowise has Authorization Bypass via Spoofed x-request-from Header

Summary: Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/ authorization checks. With only a browser cookie, a low-privilege tenant can invoke internal administration endpoints (API key management, credentia...

CVSS 8.7 | AI score 5.9 | EPSS 0.00477
Exploits: 1 | References: 4

Source: NVD | added 2026/02/26 6:23 p.m.
CVE-2026-26227

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password (OTP) verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...

CVSS 6.3 | EPSS 0.003
Exploits: 0 | References: 3

Source: ATTACKERKB | added 2026/02/18 9:55 p.m.
CVE-2019-25356

Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted POST requests with malformed 'admin' and 'person' parameters, allowing execution of arbitrary JavaScript...

CVSS 6.1 | AI score 5.9 | EPSS 0.00282
Exploits: 0 | References: 4

Source: Snyk | added 2026/02/03 11:49 a.m.
Cross-site Scripting (XSS)

Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper sanitization of AI prompt responses. An attacker can execute arbitrary scripts in the context of another user's session by injecting malicious HTML or JavaScrip...

CVSS 8.5 | AI score 5.5 | EPSS 0.00232
Exploits: 0 | References: 2

Source: ATTACKERKB | added 2026/02/02 2:07 p.m.
CVE-2022-50975

An unauthenticated remote attacker is able to use an existing session id of a logged-in user and gain full access to the device if configuration via ethernet is enabled...

CVSS 8.8 | AI score 5.6 | EPSS 0.00226
Exploits: 0 | References: 3 | Affected software: 10

Source: SUSE CVE | added 2026/01/24 12:25 a.m.
SUSE CVE-2025-71150

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup. When a session is found but its state is not SMB2_SESSION_VALID, it indicates that no valid session was found, but it fails to decrement the reference...

CVSS 5.5 | AI score 5.3 | EPSS 0.00118
Exploits: 0 | References: 3

Source: NVD | added 2026/01/23 3:16 p.m.
CVE-2025-71150

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup. When a session is found but its state is not SMB2_SESSION_VALID, it indicates that no valid session was found, but it fails to decrement the reference...

CVSS 5.5 | EPSS 0.00118
Exploits: 0 | References: 6

Source: ATTACKERKB | added 2026/01/23 2:15 p.m.
CVE-2025-71150

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup. When a session is found but its state is not SMB2_SESSION_VALID, it indicates that no valid session was found, but it fails to decrement the reference...

CVSS 5.5 | AI score 5.7 | EPSS 0.00118
Exploits: 0 | References: 7 | Affected software: 1

Source: RedhatCVE | added 2026/01/09 12:36 p.m.
CVE-2023-49262

The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session...

CVSS 9.8 | AI score 7.2 | EPSS 0.00666
Exploits: 0 | References: 1

Source: RedhatCVE | added 2026/01/09 12:34 p.m.
CVE-2023-45912

WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate user sessions, allowing unauthenticated attackers to read files from the underlying operating system and obtain directory listings...

CVSS 7.5 | AI score 6.9 | EPSS 0.00638
Exploits: 1 | References: 1

Source: RedhatCVE | added 2026/01/09 11:27 a.m.
CVE-2021-33982

An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions...

CVSS 7.5 | AI score 6.7 | EPSS 0.0112
Exploits: 0 | References: 1

Source: RedhatCVE | added 2026/01/09 11:22 a.m.
CVE-2021-22523

XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow control of the web browser and hijacking of user sessions...

CVSS 7.6 | AI score 7 | EPSS 0.00811
Exploits: 0 | References: 1

Source: RedhatCVE | added 2026/01/09 11:19 a.m.
CVE-2021-22979

On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned...

CVSS 6.1 | AI score 6 | EPSS 0.00583
Exploits: 0 | References: 1

Source: RedhatCVE | added 2026/01/09 11:18 a.m.
CVE-2021-22920

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a...

CVSS 6.5 | AI score 7 | EPSS 0.00918
Exploits: 0 | References: 1

Source: RedhatCVE | added 2026/01/09 9:48 a.m.
CVE-2020-24594

Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session...

CVSS 9.6 | AI score 7.9 | EPSS 0.01713
Exploits: 0 | References: 1