3 matches found
CVE-2026-56774 Kanboard - Cross-User Deletion of Persistent Login Sessions via Unvalidated Session ID
Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session...
CVE-2022-25311
A vulnerability has been identified in SINEC NMS All versions = V1.0.3 V2.0, SINEC NMS All versions V1.0.3, SINEMA Server V14 All versions. The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This coul...
Vignette StoryServer Cross-user Session Information Disclosure
Binary data 1458.prm...