Mattermost Server 10.11.x <= 10.11.13 / 11.3.x < 11.3.3 / 11.4.x < 11.4.3 / 11.5.x < 11.5.1 / 11.6.0 Multiple Vulnerabilities (MMSA-2026-00624 / MMSA-2026-00625)
The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities: - Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker wit...
UBUNTU-CVE-2025-59028
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
CVE-2025-55705 EVMAPA Insufficient Session Expiration
This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration...
CVE-2025-55705
This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration...
CVE-2025-55705
CVE-2025-55705 describes a session management weakness in charging-station backends: an attacker can establish multiple concurrent sessions by reusing the same charging-station ID due to lack of proper session expiration and management. Documentation across sources (NVD, Red Hat, CIRCL, EUVD, ics...
PT-2026-4302
Name of the Vulnerable Software and Affected Versions: Charging station software (affected versions not specified). Description: The system allows multiple simultaneous connections to the backend using the same charging station ID. This can lead to unauthorized access, data inconsistency, or...
EUVD-2021-6748
Malicious code in bioql PyPI...
CVE-2002-1942
Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive connections that have been broken or closed early, which allows remote attackers to cause a denial of service (crash) via a large number of concurrent sessions...
Configure a Proper Number of Concurrent Sessions Allowed for a Single SSH Connection
SSH allows a client that supports multiplexing to establish multiple sessions based on a network connection. MaxSessions limits the number of concurrent SSH sessions that can be established for each network connection. This prevents system resources from being occupied by a single connection or a...
FreeBSD : xrdp -- Improper handling of session establishment errors allows bypassing OS-level session restrictions (c9ff1150-5d63-11ee-bbae-1c61b4739ac9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c9ff1150-5d63-11ee-bbae-1c61b4739ac9 advisory. - xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper...
SUSE CVE-2016-2774
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions...
Uncontrolled Resource Consumption in node-opcua
The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...
CVE-2022-25304 Denial of Service (DoS)
All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited numb...
python-opcua Security Vulnerability
python-opcua is an LGPL-licensed, pure Python OPC-UA client and server from the open source Free OPC-UA Library. A security vulnerability exists in python-opcua that stems from the lack of a limit on the number of blocks received per session or total number of all concurrent sessions...
open62541 Security Vulnerability
open62541 is an open source and free implementation of OPC UA (OPC Unified Architecture), written in a common subset of the C99 and C++98 languages. A security vulnerability exists in open62541 versions prior to 1.2.5, 1.3-rc1, and 1.3.1, which stems from the lack of a limi...
CVE-2021-1281
A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerabilit...
Cisco IOS XE SD-WAN Software Resource Management Error Vulnerability
Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. An elevation of privilege vulnerability exists in the CLI management for SD-WAN in Cisco IOS XE. The vulnerability stems from a problem with the way the software handles concurren...
ISC DHCP Denial of Service Vulnerability (CNVD-2016-01603)
ISC DHCP is open source Dynamic Host Configuration Protocol server software from ISC (Internet Systems Consortium) in the United States. A security vulnerability exists in ISC DHCP that stems from the program's failure to limit the number of concurrent TCP sessions. A remote attacker could...
HackerOne: No option to logout concurrent sessions
Description: When I log in to HackerOne using two different computers I can easily browse the session concurrently. This means that if an attacker somehow knows the password of a user by any means he can log in using that info and the main user will not get notified. FIX: If someone else logs in to a accoun...
CVE-2008-3157
Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit the number of concurrent sessions, which allows attackers to cause a denial of service (resource consumption) via a large number of sessions...