Lucene search
K

39 matches found

NVD
NVD
added last week10 views

CVE-2026-57948

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...

7.6CVSS0.00126EPSS
Exploits0References2
EUVD
EUVD
added last week6 views

EUVD-2026-40165

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...

7.6CVSS5.6AI score0.00126EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.9 views

CVE-2026-24318

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

4.2CVSS5.5AI score0.00167EPSS
Exploits0References1
NVD
NVD
added 2026/04/14 12:16 a.m.7 views

CVE-2026-24318

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

4.2CVSS0.00167EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:6 a.m.2 views

CVE-2026-24318

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

4.2CVSS5.8AI score0.00167EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/14 12:6 a.m.24 views

CVE-2026-24318

The CVE concerns SAP Business Objects BI Platform. An insecure session management flaw could allow an unauthenticated attacker to obtain valid session tokens and reuse them to access or modify data within a victim’s session scope, impacting confidentiality and integrity (availability unchanged). ...

4.2CVSS5.8AI score0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/14 12:6 a.m.29 views

CVE-2026-24318 Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

4.2CVSS0.00167EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32551

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

4.2CVSS5.8AI score0.00167EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/09 11:24 a.m.21 views

CVE-2026-22082 Insecure Session ID Management Vulnerability in Tenda Wireless Routers

This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and...

8.8CVSS0.00451EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/09 11:24 a.m.3 views

CVE-2026-22082 Insecure Session ID Management Vulnerability in Tenda Wireless Routers

This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and...

8.8CVSS6.4AI score0.00451EPSS
Exploits0References1
Kitploit
Kitploit
added 2024/06/23 12:30 p.m.157 views

VulnNodeApp - A Vulnerable Node.Js Application

A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup Clone this repository git clone https://github.com/4auvar/VulnNodeApp.git Application setup: Install the latest node.js version with npm. Open...

8.5AI score
Exploits0References2
Veracode
Veracode
added 2023/03/27 2:28 a.m.235 views

Insecure Session Management

spring-vault-core is vulnerable to Insecure Session Management. The vulnerability exists because the library does not properly hide sensitive information from logs after a revocation failure, which allows an attacker to insert sensitive information into a log file when it attempts to revoke a Vau...

5.5CVSS5.2AI score0.00223EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2022/12/16 4:14 a.m.21 views

Insufficient Session Expiration

derhansen/fechangepwd uses insecure session management. The vulnerability exists because the updatePassword functions in FrontendUserService.php fails to revoke existing sessions for the current user when the password has been changed, allowing an attacker to bypass the authentication mechanism...

9.8CVSS9.2AI score0.00441EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2022/11/08 4:14 p.m.28 views

Insecure Session Management

IBM MQ is vulnerable to insecure session management. The vulnerability exists because the sessions are not properly terminated after logout which allows an attacker to get access to the user sessions of other users...

6.5CVSS6.2AI score0.00418EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2022/10/20 8:18 a.m.18 views

Insecure Session Management

rdiffweb is vulnerable to insecure session management. The vulnerability exists because user sessions are not properly defined with session persistent timeout which allows an attacker to access the active sessions of other users and perform unauthorized actions...

9.8CVSS8.8AI score0.00749EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/08/10 8:15 p.m.14 views

CVE-2022-35293

Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application...

9.1CVSS0.00626EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/10 8:15 p.m.5 views

CVE-2022-35293

Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application...

9.1CVSS7.3AI score0.00626EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/08/09 8:13 p.m.52 views

CVE-2022-35293

SAP Enable Now is affected by insecure session management that allows an unauthenticated attacker to gain access to a user’s account, with possible viewing or modification of user data and limited impact on confidentiality and integrity. The connected documents confirm the issue but do not provid...

9.1CVSS9.3AI score0.00626EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/08/09 8:13 p.m.25 views

CVE-2022-35293

Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application...

9.6AI score0.00626EPSS
Exploits0References2
Veracode
Veracode
added 2021/11/09 2:39 a.m.24 views

Insecure Session Management

apostrophe uses insecure session management. The session object does not exist in task requests, allowing a malicious user to hijack logged-in user's sessions recently...

9.8CVSS1.4AI score0.01103EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder