Lucene search
K

23 matches found

SUSE CVE
SUSE CVE
added 2026/06/23 2:20 a.m.8 views

SUSE CVE-2026-52911

In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...

5.8AI score0.00362EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 2:17 p.m.10 views

CVE-2026-9162

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continu...

4.3CVSS0.00202EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:36 p.m.7 views

CVE-2026-9162

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continu...

4.3CVSS5.9AI score0.00202EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 1:36 p.m.35 views

CVE-2026-9162 Global session revocation does not invalidate active WebSocket connections

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continu...

4.3CVSS0.00202EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 1:36 p.m.11 views

CVE-2026-9162

Mattermost vulnerability CVE-2026-9162 affects Mattermost versions 11.7.x ≤ 11.7.0, 11.6.x ≤ 11.6.2, 11.5.x ≤ 11.5.5, 10.11.x ≤ 10.11.17. The issue: global session revocation does not invalidate cached authentication state for active WebSocket connections, allowing a user with an existing WebSock...

4.3CVSS5.9AI score0.00202EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51322

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.17 Mattermost versions 11.5.x through 11.5.5 Mattermost versions 11.6.x through 11.6.2 Mattermost versions 11.7.x through 11.7.0 Description An issue exists where the system fails to invalidate cached...

4.3CVSS5.8AI score0.00202EPSS
Exploits0References6
NVD
NVD
added 2026/06/21 8:16 a.m.16 views

CVE-2026-52911

In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...

8.8CVSS0.00362EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/21 6:18 a.m.8 views

CVE-2026-52911

In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...

5.7AI score0.00362EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-52911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the...

8.8CVSS5.8AI score0.00362EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 10:11 p.m.18 views

CVE-2026-44693

Pi-hole FTL contains a race condition in the HTTP session management subsystem (global session buffer) introduced with the v6.0 CivetWeb rewrite, allowing unauthenticated session hijacking. It affects versions prior to 6.6.1 and is patched in 6.6.1. CVSS v3.1 is 8.8 (Network, Privileges None, Use...

8.8CVSS5.4AI score0.0023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 10:11 p.m.7 views

CVE-2026-44693 Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This iss...

8.8CVSS5.4AI score0.0023EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.12 views

CVE-2026-49843

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...

5.3CVSS0.00284EPSS
Exploits0References2
CVE
CVE
added 2026/04/22 1:46 a.m.43 views

CVE-2026-41458

OwnTone Server versions 28.4–29.0 are affected by a race condition in the DAAP login handler that allows unauthenticated attackers to crash the server by flooding the /login endpoint due to unsynchronized access to the global DAAP session list. The CVE record indicates a fix in 29.1; upgrade to 2...

8.2CVSS5.8AI score0.00364EPSS
Exploits0References3
OSV
OSV
added 2026/03/05 12:26 a.m.5 views

GHSA-HX52-CV84-JR5V Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers

Executive Summary A vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic...

5.3CVSS6AI score0.00504EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2017-6654

Malware in sbrugna...

6.1CVSS6.4AI score0.0107EPSS
Exploits1References6
OSV
OSV
added 2025/04/16 3:15 p.m.2 views

DEBIAN-CVE-2025-22041

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbdsessionsderegister In multichannel mode, UAF issue can occur in sessionderegister when the second channel sets up a session through the connection of the first channel. session that is freed...

8.8CVSS5.7AI score0.00564EPSS
Exploits0References1
NVD
NVD
added 2024/11/19 2:16 a.m.13 views

CVE-2024-50286

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbdsmb2sessioncreate There is a race condition between ksmbdsmb2sessioncreate and ksmbdexpiresession. This patch add missing sessionstablelock while adding/deleting session from global session...

7.8CVSS0.00267EPSS
Exploits0References5
OSV
OSV
added 2024/11/19 2:16 a.m.1 views

DEBIAN-CVE-2024-50286

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbdsmb2sessioncreate There is a race condition between ksmbdsmb2sessioncreate and ksmbdexpiresession. This patch add missing sessionstablelock while adding/deleting session from global session...

7CVSS6.1AI score0.00267EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/16 12:0 a.m.4 views

Cacti cross-site scripting vulnerability (CNVD-2017-32248)

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . A cross-site scripting vulnerability exists in the...

6.1CVSS6.2AI score0.0107EPSS
Exploits1References1
OSV
OSV
added 2017/10/11 1:32 a.m.16 views

CVE-2017-15194

include/globalsession.php in Cacti 1.1.25 has XSS related to 1 the URI or 2 the refresh page...

6.1CVSS5.8AI score
Exploits0References3
Rows per page
Query Builder