26 matches found
CVE-2026-9603
A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has...
CVE-2026-9603
A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has...
EUVD-2026-32018
A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has...
CVE-2026-9603 SourceCodester eDoc Doctor Appointment System delete-session.php authorization
A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has...
CVE-2026-9603 SourceCodester eDoc Doctor Appointment System delete-session.php authorization
A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has...
CVE-2026-9603
CVE-2026-9603 affects SourceCodester eDoc Doctor Appointment System 1.0. The vulnerability is due to manipulation of the ID parameter in /admin/delete-session.php, leading to missing authorization and enabling remote exploitation. Public PoC/exploit details are referenced. Vulnerability details r...
PT-2026-43427
Name of the Vulnerable Software and Affected Versions SourceCodester eDoc Doctor Appointment System version 1.0 Description An issue exists in the '/admin/delete-session.php' endpoint where manipulation of the ID argument leads to missing authorization. This allows for remote exploitation of the...
SourceCodester eDoc Doctor Appointment System 安全漏洞
SourceCodester eDoc Doctor Appointment System is an open-source appointment system for doctors developed by SourceCodester. Version 1.0 of the SourceCodester eDoc Doctor Appointment System contains a security vulnerability. This vulnerability stems from incorrect parameter handling in the...
EUVD-2026-21142
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privilege...
CVE-2026-35645
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privilege...
CVE-2026-35645 OpenClaw < 2026.3.25 - Privilege Escalation via Synthetic operator.admin in deleteSession
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privilege...
CVE-2026-35645
OpenClaw is affected by a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function, which uses a synthetic operator.admin runtime scope. OpenClaw versions before 2026.3.25 are vulnerable to triggering session deletion to execute privileged operations with ...
CVE-2026-35645 OpenClaw < 2026.3.25 - Privilege Escalation via Synthetic operator.admin in deleteSession
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privilege...
GHSA-H4JX-HJR3-FHGC OpenClaw: Gateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin`
Summary Gateway Plugin Subagent Fallback deleteSession Uses Synthetic operator.admin Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Gateway plugin subagent...
OpenClaw: Gateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin`
Summary Gateway Plugin Subagent Fallback deleteSession Uses Synthetic operator.admin Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Gateway plugin subagent...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the DeleteSess and Sess functions in the session lookup/deletion process. An attacker can cause a crash of the service by sending a specially crafted request with a very large SEID value, leading t...
Linux Distros Unpatched Vulnerability : CVE-2023-27600
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received a...
CVE-2025-4895
A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/delete-session.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. T...
SourceCodester Doctors Appointment System 注入漏洞
SourceCodester Doctors Appointment System is SourceCodester open source a doctor appointment system. An injection vulnerability exists in SourceCodester Doctors Appointment System version 1.0, which originates from SQL injection due to incorrect manipulation of the parameter ID in the file...
PT-2023-21241 · Opensips · Opensis
Name of the Vulnerable Software and Affected Versions: OpenSIPS versions prior to 3.1.7 and 3.2.4 Description: OpenSIPS is a Session Initiation Protocol SIP server implementation. The issue arises when a malformed SDP body is received and processed by the delete sdp line function in the sipmsgops...