Lucene search
K

79 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/07 3:30 p.m.2 views

CVE-2026-29784

Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...

7.5CVSS5.7AI score0.00157EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.13 views

PT-2026-23607

Name of the Vulnerable Software and Affected Versions Ghost versions 5.101.6 through 6.19.2 Description Incomplete CSRF protections around the /session/verify API endpoint allowed the use of One-Time Codes OTCs in login sessions different from the requesting session. This could potentially allow...

8.8CVSS5.6AI score0.00157EPSS
Exploits0References12
OSV
OSV
added 2026/02/17 4:43 p.m.5 views

GHSA-HV93-R4J3-Q65F OpenClaw Hook Session Key Override Enables Targeted Cross-Session Routing

Summary The issue is not deterministic session keys by itself. The exploitable path was accepting externally supplied sessionKey values on authenticated hook ingress, allowing a hook token holder to route messages into chosen sessions. Affected Behavior - POST /hooks/agent accepted payload...

7.1CVSS5.6AI score
Exploits0References4
EUVD
EUVD
added 2025/10/28 3:30 p.m.4 views

EUVD-2025-36502

A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...

6CVSS5.9AI score0.00128EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/08 12:30 a.m.1 views

EUVD-2025-32991

Malicious code in cross-session npm...

6.6AI score
Exploits0References1
Snyk
Snyk
added 2025/10/08 12:30 a.m.2 views

Malicious Package

Overview cross-session is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2025/10/08 12:30 a.m.2 views

MAL-2025-48015 Malicious code in cross-session (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46f6bdb0e17b0d49c9c3b316cc02bf5fb1964d956cd9a541c6fd2edd0eb5c551 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/08 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-53586

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: target: Fix multiple LUNRESET handling This fixes a bug where an initiator thinks a LUNRESET has cleaned up running commands when it hasn't. The bug was...

4.7CVSS6.7AI score0.00147EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-1029

Malicious code in bioql PyPI...

8.3CVSS6.4AI score0.00722EPSS
Exploits1References5
SUSE Linux
SUSE Linux
added 2025/08/14 1:3 p.m.3 views

Security update for pgadmin4

This update for pgadmin4 fixes the following issues: CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set bsc1239308 CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users...

8.7CVSS7.1AI score0.01471EPSS
Exploits2References12
GithubExploit
GithubExploit
added 2025/07/22 10:22 p.m.189 views

hermes-agent

Hermes Agent ☤ The self-improving AI agent b...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:18 a.m.5 views

CVE-2023-23600

Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions. This bug only affects Firefox for Android. Other...

6.5CVSS6.7AI score0.00493EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/07/15 12:0 a.m.8 views

The vulnerability of the DCOM Remote Cross-Session Activation component of the Windows operating system allows attackers to increase their privileges.

The vulnerability of the DCOM Remote Cross-Session Activation component in the Windows operating system is related to access control deficiencies. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

7.5CVSS5.5AI score0.01488EPSS
Exploits0References2
NVD
NVD
added 2024/07/09 5:15 p.m.26 views

CVE-2024-38061

DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability...

7.5CVSS0.01488EPSS
Exploits0References1
OSV
OSV
added 2024/07/09 5:15 p.m.2 views

CVE-2024-38061

DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability...

7.5CVSS5.8AI score0.01488EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/09 5:2 p.m.18 views

CVE-2024-38061 DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability

...

7.5CVSS6.8AI score0.01488EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/09 5:2 p.m.37 views

CVE-2024-38061 DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability

...

7.5CVSS0.01488EPSS
Exploits0References1
CVE
CVE
added 2024/07/09 5:2 p.m.106 views

CVE-2024-38061

Technical details for CVE-2024-38061 (affected products, root cause, impact, fixes) are not provided in the supplied documents. No remediation or exploitation specifics are available here. Monitor for updates.

7.5CVSS8.5AI score0.01488EPSS
Exploits0References1Affected Software14
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.6 views

PT-2024-4763

The Windows File Explorer is affected by a privilege escalation issue, which allows attackers to gain access to a user's NetNTLM hash from any session on the computer, even with low-privileged user rights. This issue is related to unnecessary permissions being set in Access Security when...

7.8CVSS8.6AI score0.04515EPSS
Exploits0References28
SUSE CVE
SUSE CVE
added 2024/03/22 4:17 a.m.4 views

SUSE CVE-2024-27935

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...

8.3CVSS7.2AI score0.00722EPSS
Exploits1References3
Rows per page
Query Builder