Lucene search
K

211 matches found

EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2025-210341

Flowise before 3.0.10 affected versions 3.0.7 and earlier fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session token or a device left logged in, remains authenticated as the...

8.6CVSS5.9AI score0.00266EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/25 9:41 p.m.19 views

CVE-2025-71335 Flowise - Session Invalidation Failure After Password Change

Flowise before 3.0.10 affected versions 3.0.7 and earlier fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session token or a device left logged in, remains authenticated as the...

8.6CVSS0.00266EPSS
Exploits1References2
CVE
CVE
added 2026/06/25 9:41 p.m.16 views

CVE-2025-71335

Flowise prior to version 3.0.10 is affected. Versions 3.0.7 and earlier do not invalidate existing sessions or session tokens after a user changes their password, allowing an attacker with an active session (e.g., via a stolen token or an already-logged-in device) to remain authenticated post-pas...

8.6CVSS5.9AI score0.00266EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.18 views

PT-2026-52614

Name of the Vulnerable Software and Affected Versions Flowise versions 3.0.0 through 3.0.7 Description Flowise fails to invalidate existing sessions and session tokens after a user changes their password. This allows an attacker who possesses an active session, such as through a stolen session...

8.6CVSS5.8AI score0.00266EPSS
Exploits1References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939sessionactivate fail if the device is no longer registered. syzbot still reports that unregisternetdevice: waiting for vcan0 to become free. Usage count = 2. Even after commit 93a27b5891b8 “can: j1939: add...

5.5CVSS5.7AI score0.00156EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52034

Name of the Vulnerable Software and Affected Versions Warp versions 0.2021.04.25.23.05.stable 00 through 0.2026.05.06.15.42.stable 00 Description Warp accepts state-mutating terminal lifecycle hooks from the PTY Pseudo-Terminal stream without verifying if the hooks were emitted by the shell...

4.3CVSS5.8AI score0.00278EPSS
Exploits1References6
NVD
NVD
added 2026/06/12 5:16 p.m.9 views

CVE-2026-53982

Cap-go Console 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the...

7.1CVSS0.00329EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 4:25 p.m.18 views

CVE-2026-53982

Capgo Console before 12.28.2 contains a denial‑of‑service vulnerability in the account deletion flow. Triggering account deletion while a device identifier is linked to the active session ties the deletion state to that device, causing the affected device or browser to be redirected to an account...

7.1CVSS5.2AI score0.00329EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41200

STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...

8.5CVSS6AI score0.00332EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/20 6:31 p.m.13 views

EUVD-2026-31130

Cross-Site Request Forgery CSRF vulnerability in InfoScale v.9.1.3 Operations Manager VIOM allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge...

8.8CVSS5.8AI score0.00198EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevents deadlock by changing j1939sockslock to rwlock. The following 3 locks may race against each other, causing a deadlock situation in the Syzbot bug report: - j1939sockslock - activesessionlistlock -...

5.5CVSS6.2AI score0.00183EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevents deadlock by moving j1939skerrqueue This commit addresses a deadlock situation that can occur in certain scenarios, such as when running data TP/ETP transfers and subscribing to the error queue while...

5.6AI score0.00168EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 12:0 a.m.18 views

CVE-2026-44925

CVE-2026-44925 describes a Cross-Site Request Forgery (CSRF) in InfoScale v.9.1.3 Operations Manager (VIOM). The vulnerability arises from an ability for an attacker to coerce an active VIOM session user into clicking a crafted HTML link, resulting in unintended modifications within the VIOM web ...

8.8CVSS5.8AI score0.00198EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/13 6:46 p.m.32 views

CVE-2026-33585 Arqit SKA-Platform Improper Handling of Parameters Vulnerability

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...

3.8CVSS0.00134EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/07 11:33 a.m.19 views

ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories

Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like...

10CVSS6.5AI score0.03678EPSS
Exploits1
Snyk
Snyk
added 2026/04/14 11:39 p.m.5 views

Insufficient Session Expiration

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Insufficient Session Expiration due to improper session management when user permissions are changed. An attacker can retain unauthorized access to resource...

6.3CVSS5.8AI score
Exploits0References2
CVE
CVE
added 2026/04/07 7:56 p.m.11 views

CVE-2025-14857

CVE-2025-14857 affects Semtech LoRa LR11xxx transceivers on early firmware versions. The flaw is an improper access control: memory write via the physical SPI interface does not enforce write protection on the program call stack, enabling overwriting of stack memory and limited arbitrary code exe...

5.4CVSS6.2AI score0.00243EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/06 10:54 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview pocketmine/pocketmine-mp is a highly customisable, open source server software for Minecraft: Bedrock Edition written in PHP Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the ModalFormResponsePacket handling process. An attack...

7.1CVSS5.9AI score
Exploits0References2
CVE
CVE
added 2026/02/19 10:36 p.m.15 views

CVE-2025-13671

OpenText Web Site Management Server contains a CSRF vulnerability (CVE-2025-13671) affecting versions 16.7.0 and 16.7.1. An active user with a session could be induced to perform unintended changes via a page containing malicious HTML, effectively exploiting CSRF. CVSS v4.0 vectors: Network attac...

6.5CVSS5.5AI score0.0015EPSS
Exploits1References2Affected Software1
GithubExploit
GithubExploit
added 2026/02/09 7:17 p.m.227 views

Exploit for Incorrect Authorization in Suse Pam-Config

CVE-2025-6018 & CVE-2025-6019 PoC A Proof of Concept for chai...

7.8CVSS5.8AI score0.00957EPSS
Exploits19
Rows per page
Query Builder