
1010 matches found

Cvelist
added 2025/12/31 8:23 a.m. | 20 views

CVE-2025-15387 QNO Technology|VPN Firewall - Insufficient Entropy

VPN Firewall developed by QNO Technology has an Insufficient Entropy vulnerability, allowing unauthenticated remote attackers to obtain any logged-in user session through brute-force attacks and subsequently log into the system...

CVSS 8.8 | EPSS 0.00307
Exploits 0 | References 2

Vulnrichment
added 2025/12/31 8:23 a.m. | 2 views

CVE-2025-15387 QNO Technology|VPN Firewall - Insufficient Entropy

VPN Firewall developed by QNO Technology has an Insufficient Entropy vulnerability, allowing unauthenticated remote attackers to obtain any logged-in user session through brute-force attacks and subsequently log into the system...

CVSS 8.8 | AI score 6.7 | EPSS 0.00307
Exploits 0 | References 2

OSV
added 2025/12/15 8:33 p.m. | 3 views

GO-2025-4191 Mattermost Server allows users with a session ID to revoke another user's session in github.com/mattermost/mattermost-server

Mattermost Server allows users with a session ID to revoke another user's session in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

CVSS 4.3 | AI score 6.7 | EPSS 0.0077
Exploits 0 | References 6

ATTACKERKB
added 2025/12/09 9:32 p.m. | 5 views

CVE-2025-66039

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target us...

CVSS 9.8 | AI score 6 | EPSS 0.02976
Exploits 8 | References 7 | Affected Software 1

Positive Technologies
added 2025/12/09 12:0 a.m. | 3 views

PT-2025-50272

Name of the Vulnerable Software and Affected Versions: MailEnable versions prior to 10.54. Description: MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the WindowContext parameter of the '/Mondo/lang/sys/Forms/MAI/compose.aspx' endpoint. The...

CVSS 5.3 | AI score 5.6 | EPSS 0.00331
Exploits 0 | References 5

SUSE CVE
added 2025/12/08 12:22 a.m. | 3 views

SUSE CVE-2025-40285

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2_sess_setup() Reference count of ksmbd_session will leak when session need reconnect. Fix this by adding the missing ksmbd_user_session_put()...

AI score 6.5 | EPSS 0.00171
Exploits 0 | References 3

Tenable Nessus
added 2025/12/08 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-40285

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb/server: fix possible refcount leak in smb2_sess_setup() Reference count of ksmbd_session will leak when session need reconnect. Fix this by adding the missing...

AI score 5.8 | EPSS 0.00171
Exploits 0 | References 2

RedhatCVE
added 2025/12/07 9:55 p.m. | 2 views

CVE-2025-40285

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2_sess_setup() Reference count of ksmbd_session will leak when session need reconnect. Fix this by adding the missing ksmbd_user_session_put()...

AI score 5.6 | EPSS 0.00171
Exploits 0 | References 4

NVD
added 2025/12/06 10:15 p.m. | 4 views

CVE-2025-40285

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2_sess_setup() Reference count of ksmbd_session will leak when session need reconnect. Fix this by adding the missing ksmbd_user_session_put()...

EPSS 0.00171
Exploits 0 | References 5

OSV
added 2025/12/06 10:15 p.m. | 2 views

DEBIAN-CVE-2025-40285

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2_sess_setup() Reference count of ksmbd_session will leak when session need reconnect. Fix this by adding the missing ksmbd_user_session_put()...

AI score 5.2 | EPSS 0.00171
Exploits 0 | References 1

OSV
added 2025/12/06 10:15 p.m. | 1 views

UBUNTU-CVE-2025-40285

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2_sess_setup() Reference count of ksmbd_session will leak when session need reconnect. Fix this by adding the missing ksmbd_user_session_put()...

AI score 5.7 | EPSS 0.00171
Exploits 0 | References 23

ATTACKERKB
added 2025/12/06 9:51 p.m. | 3 views

CVE-2025-40285

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2_sess_setup() Reference count of ksmbd_session will leak when session need reconnect. Fix this by adding the missing ksmbd_user_session_put()...

AI score 5.8 | EPSS 0.00171
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2025/12/06 9:51 p.m. | 19 views

CVE-2025-40285 smb/server: fix possible refcount leak in smb2_sess_setup()

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2_sess_setup() Reference count of ksmbd_session will leak when session need reconnect. Fix this by adding the missing ksmbd_user_session_put()...

EPSS 0.00171
Exploits 0 | References 5

CVE
added 2025/12/06 9:51 p.m. | 24 views

CVE-2025-40285

The CVE-2025-40285 issue affects the Linux kernel smb/server (ksmbd) in smb2_sess_setup, where a missing ksmbd_user_session_put() caused a reference count leak of ksmbd_session on session reconnect. The fix adds the missing ksmbd_user_session_put() to prevent the leak, with upstream commits refer...

AI score 6.1 | EPSS 0.00171
Exploits 0 | References 5

Debian CVE
added 2025/12/06 9:51 p.m. | 5 views

CVE-2025-40285

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2_sess_setup() Reference count of ksmbd_session will leak when session need reconnect. Fix this by adding the missing ksmbd_user_session_put()...

AI score 5.1 | EPSS 0.00171
Exploits 0

OSV
added 2025/12/06 9:51 p.m. | 2 views

CVE-2025-40285 smb/server: fix possible refcount leak in smb2_sess_setup()

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2_sess_setup() Reference count of ksmbd_session will leak when session need reconnect. Fix this by adding the missing ksmbd_user_session_put()...

AI score 6.3 | EPSS 0.00171
Exploits 0 | References 8

RedhatCVE
added 2025/12/06 5:55 p.m. | 5 views

CVE-2025-34258

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rendered in the map list without HTML sanitization. A...

CVSS 5.4 | AI score 5.4 | EPSS 0.00175
Exploits 0 | References 1

RedhatCVE
added 2025/11/22 2:26 p.m. | 9 views

CVE-2025-11127

The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users' identity when using an AJAX action, allowing unauthenticated users to retrieve a valid session for arbitrary users by knowing their email address...

CVSS 9.8 | AI score 7 | EPSS 0.00288
Exploits 0 | References 1

NVD
added 2025/10/24 6:15 a.m. | 1 views

CVE-2025-61931

Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...

CVSS 5.4 | EPSS 0.00165
Exploits 0 | References 2

Cvelist
added 2025/10/22 8:22 a.m. | 5 views

CVE-2025-11952 Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot

Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVSS 5.3 | EPSS 0.00177
Exploits 0 | References 1