Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-41839

A flaw was found in Spring Framework. A remote attacker, by compromising a subdomain of a WebFlux application for example, through cross-site scripting XSS, could exploit this vulnerability to escalate privileges. This allows the attacker to exchange a known session ID for that of an authenticate...

4.2CVSS4.7AI score0.00197EPSS
Exploits0References4
Snyk
Snyk
added 2025/07/15 5:41 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the session management API due to a missing permission check. An attacker can impersonate other users and access sensitive resources by updating sessions if they know the session ID. Remediation Upgrade...

8.8CVSS6.5AI score0.0034EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/01 12:0 a.m.8 views

PT-2023-23982 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.5 Splunk Enterprise versions prior to 8.2.11 Splunk Enterprise versions prior to 8.1.14 Splunk Cloud Platform versions prior to 9.0.2303.100 Description: An unauthorized user can access the...

4.3CVSS6.9AI score0.00362EPSS
Exploits0References5
OSV
OSV
added 2022/11/16 10:15 p.m.7 views

CVE-2022-44007

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation...

8.8CVSS5.8AI score0.00804EPSS
Exploits1References2
OSV
OSV
added 2022/05/24 5:21 p.m.5 views

GHSA-H564-6GC2-FCC6 Mattermost Server allows users with a session ID to revoke another users' session

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session...

4.3CVSS6.8AI score0.0077EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2013/12/24 12:0 a.m.44 views

Fat Free CRM CSRF / SQL Injection / Known Secret

To whom it may concern: A rather informal advisory on Fat Free CRM http://fatfreecrm.com/: Timeline: Aug 27th 2013 Initial email containing the findings listed below including a note that there more vulnerabilities which just need to be verified. Send to [email protected] and...

0.3AI score
Exploits0
Rows per page
Query Builder