Lucene search
K

214 matches found

ATTACKERKB
ATTACKERKB
added 2025/08/08 2:25 p.m.3 views

CVE-2025-36119

IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i DCM due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...

8.8CVSS5.8AI score0.00187EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/08/08 2:25 p.m.27 views

CVE-2025-36119

The CVE-2025-36119 issue affects IBM i 7.3–7.6 (DCM for i) and is caused by a web session hijacking vulnerability that lets an authenticated user without admin privileges perform actions as an administrator. IBM has published remediation via PTFs, with fixes included in IBM i Release 7.3–7.6 unde...

8.8CVSS6.2AI score0.00187EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/08/08 12:0 a.m.4 views

IBM i 安全漏洞

IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i versions 7.3, 7.4, 7.5, and 7.6 that stems from Web session hijacking in IBM Digital Certificate Manager for i DCM resulting in...

8.8CVSS6.6AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/16 3:32 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the SessionClicks class. An attacker can exhaust system memory by sending crafted HTTP requests that cause excessive request parameters to be stored in the HTTP session. Details...

8.7CVSS6.9AI score0.00476EPSS
Exploits0References2
OSV
OSV
added 2025/06/16 3:15 p.m.5 views

CVE-2025-3526

SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to...

7.5CVSS6.9AI score0.00476EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:46 a.m.9 views

CVE-2022-33137

A vulnerability has been identified in SIMATIC MV540 H All versions V3.3, SIMATIC MV540 S All versions V3.3, SIMATIC MV550 H All versions V3.3, SIMATIC MV550 S All versions V3.3, SIMATIC MV560 U All versions V3.3, SIMATIC MV560 X All versions V3.3. The web session management of affected devices...

8CVSS6.7AI score0.00816EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:44 a.m.12 views

CVE-2022-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...

6.1CVSS7.2AI score0.00604EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:33 p.m.4 views

CVE-2022-25626

An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session...

5.3CVSS7AI score0.00687EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:52 a.m.7 views

CVE-2012-0301

Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors...

5.4CVSS7AI score0.00772EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:39 a.m.5 views

CVE-2010-2149

Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors...

4CVSS7AI score0.0174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:17 a.m.7 views

CVE-2013-7387

Session fixation vulnerability in DataLife Engine DLE 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie...

6.8CVSS7.1AI score0.04955EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:54 a.m.5 views

CVE-2013-0937

Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors...

5.8CVSS7.1AI score0.0109EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:33 p.m.6 views

CVE-2002-2125

Internet Explorer 6.0 does not warn users when an expired certificate authority CA certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle MITM attack...

6.4CVSS6.8AI score0.08256EPSS
Exploits0References1
NVD
NVD
added 2025/05/14 7:15 p.m.14 views

CVE-2025-0138

Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not affected by this issue...

2CVSS0.00299EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.5 views

Palo Alto Networks Prisma Cloud Compute Edition 代码问题漏洞

Palo Alto Networks Prisma Cloud Compute Edition is a cloud-native security platform from U.S.-based Palo Alto Networks that provides full lifecycle protection for containers, hosts, and serverless workloads. A security vulnerability exists in Palo Alto Networks Prisma Cloud Compute Edition that...

2CVSS6.6AI score0.00299EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2024/10/28 5:26 p.m.23 views

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud...

7AI score
Exploits0
OSV
OSV
added 2024/09/11 5:15 p.m.3 views

CVE-2024-44575

RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...

3.7CVSS5.8AI score0.00254EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/08/30 12:0 a.m.7 views

The vulnerabilities of the FortiOS graphical interface, the FortiProxy proxy server for protecting against internet attacks, and the FortiSwitchManager local management platform allow a perpetrator to gain unauthorized access to the device.

The vulnerability of the FortiOS graphical interface, the FortiProxy proxy server for protecting against internet attacks, and the FortiSwitchManager local management platform are related to incorrect session duration settings. Exploiting this vulnerability can allow a remote attacker to gain...

9CVSS5.5AI score0.00443EPSS
Exploits0References2Affected Software4
OSV
OSV
added 2024/07/26 12:15 p.m.5 views

CVE-2024-41687

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/14 12:0 a.m.6 views

DirectCyber Evolution Controller 安全漏洞

DirectCyber Evolution Controller is an access control controller software from DirectCyber, Inc. that is used for physical access to the facility by the controller. A security vulnerability exists in DirectCyber Evolution Controller version 2.04.560.31.03.2024 and prior versions, which stems from...

8.8CVSS6.5AI score0.00511EPSS
Exploits0References2
Rows per page
Query Builder