7 matches found

NVD
added yesterday · 4 views

CVE-2026-56104

Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the...

CVSS 9.1
Exploits: 0 · References: 4

Cvelist
added yesterday · 4 views

CVE-2026-56104 Chainlit < 2.10.1 Session Hijacking via WebSocket Session Restoration

Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the...

CVSS 9.1
Exploits: 0 · References: 4

EUVD
added yesterday · 4 views

EUVD-2026-38285

Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the...

CVSS 9.1 · AI score 5.9
Exploits: 0 · References: 4

Vulnrichment
added 2025/11/10 8:59 a.m. · 1 views

CVE-2025-12409 SQL Injection in Looker Studio

A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. By creating a malicious report with native functions enabled, and having the victim access the report, an attacker could execute injected SQL queries with the victim's...

CVSS 7.3 · AI score 7.7 · EPSS 0.0022
Exploits: 0 · References: 2

Positive Technologies
added 2025/10/09 12:0 a.m. · 2 views

PT-2025-41437

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos Space versions prior to 24.1R4 Description: An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue exists in Juniper Networks Junos Space. An attacker can inject script tags in the...

CVSS 6.1 · AI score 6.8 · EPSS 0.00202
Exploits: 0 · References: 4

Positive Technologies
added 2022/10/17 12:0 a.m. · 5 views

PT-2022-9069 · Unknown · Zgr Tps200 Ng

Name of the Vulnerable Software and Affected Versions: ZGR TPS200 NG version 2.00 Description: The issue allows a remote attacker to perform actions with the permissions of a victim user, given that the victim has an active session and triggers a malicious request. Recommendations: For ZGR TPS200...

CVSS 9.6 · AI score 8.5 · EPSS 0.00474
Exploits: 0 · References: 3

OSV
added 2018/07/13 8:29 p.m. · 2 views

CVE-2016-6557

In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided...

CVSS 8.8 · AI score 5.8 · EPSS 0.00856
Exploits: 0 · References: 2