Lucene search
K

89 matches found

EUVD
EUVD
added 2026/04/22 6:31 p.m.4 views

EUVD-2026-25048

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

5.4CVSS5.8AI score0.00163EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/22 4:4 p.m.9 views

CVE-2026-6515 Insufficient Session Expiration in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

5.4CVSS5.8AI score0.00163EPSS
Exploits0References2
CVE
CVE
added 2026/04/22 4:4 p.m.40 views

CVE-2026-6515

GitLab CVE-2026-6515 affects GitLab CE/EE versions 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1. The issue could allow a user to reuse invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions (insufficient session expiration). Remed...

5.4CVSS5.8AI score0.00163EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/22 4:4 p.m.24 views

CVE-2026-6515 Insufficient Session Expiration in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

5.4CVSS0.00163EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:4 p.m.4 views

CVE-2026-6515

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

5.4CVSS5.8AI score0.00163EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/21 10:21 p.m.31 views

CVE-2026-40935 WWBN/AVideo has CAPTCHA Bypass via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

5.3CVSS0.00218EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/21 10:21 p.m.4 views

CVE-2026-40935 WWBN/AVideo has CAPTCHA Bypass via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

5.3CVSS5.8AI score0.00218EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/21 5:11 p.m.4 views

CVE-2026-40587 blueprintUE: Active Sessions Are Not Invalidated After Password Change or Reset

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their password via the profile edit page, or when a password reset is completed via the reset link, neither operation invalidates existing authenticated sessions for that user. A server-side session store...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References1
OSV
OSV
added 2026/03/25 11:16 a.m.8 views

UBUNTU-CVE-2026-23348

In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimmbus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The...

4.7CVSS5.7AI score0.00088EPSS
Exploits0References6
CVE
CVE
added 2026/03/20 9:16 a.m.23 views

CVE-2026-33124

Frigate (NVR) prior to version 0.17.0-beta1 allows any authenticated user to change their own password without providing the current password via /users/{username}/password. Affected component: password change functionality; root cause includes lack of current-password verification and no passwor...

8.8CVSS5.8AI score0.00247EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.9 views

Frigate 授权问题漏洞

Frigate is a complete native NVR developed by Blake Blackshear, designed specifically for home assistants with AI object detection capabilities. Versions of Frigate prior to 0.17.0-beta1 contained an authorization vulnerability. This vulnerability stemmed from the fact that changing passwords did...

8.8CVSS5.8AI score0.00247EPSS
Exploits0References2
NVD
NVD
added 2026/03/04 4:16 p.m.7 views

CVE-2025-59786

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...

9.8CVSS0.00254EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/04 3:30 p.m.3 views

CVE-2025-59786 Cookies are not Invalidated upon Logout and Password Change

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...

6CVSS5.9AI score0.00254EPSS
Exploits0References1
CVE
CVE
added 2026/03/04 3:30 p.m.12 views

CVE-2025-59786

CVE-2025-59786 affects 2N Access Commander, with version 3.4.2 and earlier. The root cause is improper invalidation of session tokens, allowing multiple session cookies to remain active after logout in the web application. Impact described across multiple sources includes potential unauthorized a...

9.8CVSS5.9AI score0.00254EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/02/25 12:30 p.m.6 views

EUVD-2026-8634

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block...

7.1CVSS5.4AI score0.00075EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.5 views

PT-2026-21250

HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime default one year, an authenticated...

8.6CVSS5.5AI score0.00207EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/19 12:31 a.m.8 views

CVE-2014-7747

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/02/04 10:15 p.m.3 views

CVE-2024-43181

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

6.3CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2026/01/20 4:16 p.m.5 views

CVE-2025-36065

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system...

6.5CVSS0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/16 10:43 a.m.11 views

CVE-2025-3930 Lack of JWT Expiration after Log Out in Strapi

Strapi uses JSON Web Tokens JWT for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date which is set to 30 days by default, but can be changed. The existence...

6.3CVSS0.00641EPSS
Exploits0References4
Rows per page
Query Builder