EUVD-2017-4486
Malware in sbrugna...
EUVD-2015-2142
Malware in sbrugna...
EUVD-2022-3194
Malicious code in bioql PyPI...
EUVD-2022-4284
Malicious code in bioql PyPI...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some mod_ssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
CVE-2025-36119
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...
CVE-2025-36119
The CVE-2025-36119 issue affects IBM i 7.3–7.6 (DCM for i) and is caused by a web session hijacking vulnerability that lets an authenticated user without admin privileges perform actions as an administrator. IBM has published remediation via PTFs, with fixes included in IBM i Release 7.3–7.6 unde...
CVE-2010-2149
Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors...
SUSE CVE-2013-6634
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/oneclicksigninhelper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper...
GHSA-8JFX-H6Q2-V4G3 Jenkins session fixation vulnerability
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies...
CVE-2018-13282
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter...
D-Link DIR-600L Session Fixation Vulnerability
D-Link DIR-600L is a cloud router product from AUO D-Link. A session fixation vulnerability exists in D-Link DIR-600L routers using firmware FW1.17.B01. A remote attacker can exploit the vulnerability to hijack a web session...
CVE-2017-12965
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter...
CVE-2017-7284
An attacker that has hijacked a Unitrends Enterprise Backup before 9.1.2 web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover...
UBUNTU-CVE-2016-10205
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie...
GLSA-201408-11 : PHP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201408-11 (PHP: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact: A context-dependent attacker can cause arbitrary code execution...
Google Releases Google Chrome 31.0.1650.63
Google has released Google Chrome 31.0.1650.63 for Windows, Mac, Linux and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to hijack a web session, spoof the address bar or cause a denial of service condition. US-CERT encourages users and...
New FireSheep-Style Tool Hijacks Twitter Sessions
Days after researchers at the ToorCon Security Conference in San Diego released a tool to hijack insecure Web sessions on Facebook, iGoogle and Flickr, a developer has released a similar tool, dubbed “Idiocy” that does the same for insecure Twitter sessions. There’s a twist, though. Rather than...
SquirrelMail: Session fixation vulnerability
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie...