Lucene search
K

88 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-27331

Malware in sbrugna...

5.8CVSS5.9AI score0.00775EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/22 4:13 p.m.7 views

CVE-2025-59335 CubeCart Session Not Invalidated After Password Change

CubeCart is an ecommerce software solution. Prior to version 6.5.11, there is an absence of automatic session expiration following a user's password change. This oversight poses a security risk, as if a user forgets to log out from a location where they accessed their account, an unauthorized use...

7.1CVSS6.5AI score0.0019EPSS
Exploits1References3
CVE
CVE
added 2025/08/29 10:1 a.m.20 views

CVE-2025-4643

The CVE-2025-4643 issue affects Payload (Node/JS-based CMS). It stems from insufficient session expiration: after logout, JSON Web Tokens (JWTs) are not invalidated, enabling an attacker with a stolen/intercepted token to reuse it until expiration (default 2 hours, configurable). Affected behavio...

6.3CVSS6.4AI score0.00484EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-58237

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence,...

5.5CVSS6.8AI score0.00153EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/05/30 12:0 a.m.3 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from improperly invalidated personal access tokens, which can be exploited by an attacker to maintain full system access...

5.4CVSS6.8AI score0.00187EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/02/27 3:14 a.m.5 views

SUSE CVE-2021-47639

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, as KVM must ensure it holds no references to the freed page after returning from the unmap...

6.4CVSS6.5AI score0.00237EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/09/16 12:0 a.m.9 views

PT-2024-27940 · Ibm · Ibm Aspera Shares

Name of the Vulnerable Software and Affected Versions: IBM Aspera Shares versions 1.0 through 1.10.0 PL3 Description: The issue allows an authenticated user to impersonate another user on the system because sessions are not invalidated after a password reset. Recommendations: For IBM Aspera Share...

6.5CVSS7.1AI score0.00227EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/08/13 12:0 a.m.2 views

IBM Cloud Pak for Security和IBM QRadar Suite 代码问题漏洞

IBM Cloud Pak for Security and IBM QRadar Suite are both products of International Business Machines IBM, U.S.A. IBM Cloud Pak for Security is a software application. An open security platform that connects to your existing data sources to generate deeper insights and enables you to take automate...

4.7CVSS6.4AI score0.00285EPSS
Exploits0References3
OSV
OSV
added 2024/04/17 10:15 a.m.1 views

DEBIAN-CVE-2024-26832

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix missing folio cleanup in writeback race path In zswapwritebackentry, after we get a folio from readswapcacheasync, we grab the tree lock again to check that the swap entry was not invalidated and recycled. If it wa...

5.5CVSS5.4AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/16 12:0 a.m.7 views

Alf.io Code Issue Vulnerability

alf.io is open source ticket reservation system. A code issue vulnerability exists in versions prior to Alf.io 2.0-M4-2402 that stems from allowing users after invalidated/deleted to access administrative areas...

7.6CVSS7AI score0.00379EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/08 12:0 a.m.6 views

PT-2024-13219 · Ibm · Ibm Engineering Lifecycle Optimization - Publishing

Name of the Vulnerable Software and Affected Versions: IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 through 7.0.3 Description: The issue allows an authenticated user to impersonate another user on the system due to the failure to invalidate session after logout...

8.8CVSS8.4AI score0.00381EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/02/02 12:0 a.m.60 views

AnyDesk < 8.0.8 Invalidated Signing Certificate

A security update as been issued by the vendor advising their code signing certificate has changed on product versions less than 8.0.8. The vendor recommends updating to the latest version as the previous certificate will soon be invalidated. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc...

5.5AI score
Exploits0References3
OpenVAS
OpenVAS
added 2023/10/27 12:0 a.m.38 views

SUSE: Security Advisory (SUSE-SU-2023:4210-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.5AI score0.99999EPSS
Exploits22References10
Vulnrichment
Vulnrichment
added 2023/05/09 12:0 a.m.7 views

CVE-2023-28316

A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled...

9.4AI score0.00724EPSS
Exploits0References1
OSV
OSV
added 2023/01/11 7:42 p.m.25 views

CVE-2023-22492 RefreshToken invalidation vulnerability

ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The...

5.9CVSS5.6AI score0.00599EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/10/06 6:16 p.m.3 views

CVE-2022-40160

DISPUTED This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA...

6.5CVSS6.5AI score0.01188EPSS
Exploits0References2
OSV
OSV
added 2022/10/06 6:16 p.m.4 views

UBUNTU-CVE-2022-40159

DISPUTED This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA...

6.5CVSS5.7AI score0.01188EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/10/06 12:0 a.m.6 views

CVE-2022-40159

DISPUTED This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA...

6.5CVSS6.5AI score0.01188EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 11:9 p.m.26 views

Security Bulletin: Vulnerabilities found in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2013-4002, CVE-2013-5409, CVE-2013-5405, CVE-2013-5406, CVE-2013-5407, CVE-2013-5411, CVE-2013-5413)

Abstract IBM Sterling B2B Integrator 5.2 and IBM Sterling File Gateway 2.2 are affected by multiple security vulnerabilities. These vulnerabilities include: - Denial of Service - SQL Injection - Cross-Site Scripting - Windows MHTML Cross-Site Scripting - Frame Injection - Link Injection -...

7.1CVSS8.2AI score0.24738EPSS
Exploits0Affected Software1
Prion
Prion
added 2022/06/20 5:15 p.m.15 views

Code injection

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

6.5CVSS9.1AI score0.00408EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder