
27 matches found

CVE
added 2026/06/25 6:10 p.m., 12 views

CVE-2026-56774

What is affected: Kanboard up to version 1.2.52. Root cause: UserViewController::removeSession does not validate the session id before calling RememberMeSessionModel::remove. Impact: Authenticated users can enumerate sequential session IDs to mass-invalidate persistent login sessions (including a...

CVSS 5.4, AI score 5.9, EPSS 0.00266
Exploits: 0, References: 4
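The Kanboard entry above describes a removal endpoint that deletes whatever persistent-login session id the request names, with ids that are sequential. The following is an added example, not Kanboard's code: it models such a table, the unchecked delete, and the hardened form that scopes the delete to rows owned by the caller. Class and function names and the in-memory store are assumptions.

```python
"""Added example (not Kanboard's code): a persistent-login session table with
sequential ids, a removal endpoint that deletes whatever id the request names,
and the hardened form that scopes the delete to the caller's own rows.
Class and function names and the in-memory store are assumptions."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class RememberMeSession:
    session_id: int
    user_id: int
    user_agent: str


@dataclass
class RememberMeStore:
    """In-memory stand-in for a persistent-login ("remember me") table."""
    next_id: int = 1
    sessions: Dict[int, RememberMeSession] = field(default_factory=dict)

    def create(self, user_id: int, user_agent: str) -> int:
        sid = self.next_id  # sequential ids: an attacker can simply count upward
        self.next_id += 1
        self.sessions[sid] = RememberMeSession(sid, user_id, user_agent)
        return sid

    def active_for(self, user_id: int) -> List[int]:
        return sorted(s.session_id for s in self.sessions.values() if s.user_id == user_id)

    def remove_unchecked(self, caller_user_id: int, session_id: int) -> bool:
        """Vulnerable pattern: the id from the request is deleted as-is;
        caller_user_id is never consulted."""
        return self.sessions.pop(session_id, None) is not None

    def remove_owned(self, caller_user_id: int, session_id: int) -> bool:
        """Hardened pattern: only the caller's own row can be deleted, and
        'no such row' and 'not your row' get the same answer (no oracle)."""
        s = self.sessions.get(session_id)
        if s is None or s.user_id != caller_user_id:
            return False
        del self.sessions[session_id]
        return True


Remover = Callable[[RememberMeStore, int, int], bool]


def enumerate_and_remove(store: RememberMeStore, attacker_id: int,
                         remover: Remover, upper_bound: int) -> int:
    """A low-privilege user walks ids 1..upper_bound and calls the remove endpoint on each."""
    return sum(1 for sid in range(1, upper_bound + 1) if remover(store, attacker_id, sid))


def seed() -> RememberMeStore:
    """Constructed sample data: two admin logins, one for alice, one for the attacker."""
    store = RememberMeStore()
    store.create(1, "admin laptop")   # id 1
    store.create(1, "admin phone")    # id 2
    store.create(2, "alice desktop")  # id 3
    store.create(3, "attacker")       # id 4, user 3 is the attacker
    return store


def run(remover: Remover) -> dict:
    store = seed()
    removed = enumerate_and_remove(store, attacker_id=3, remover=remover, upper_bound=10)
    return {"removed": removed,
            "admin_left": store.active_for(1),
            "alice_left": store.active_for(2)}


def demo() -> dict:
    return {"unchecked": run(RememberMeStore.remove_unchecked),
            "owned": run(RememberMeStore.remove_owned)}


if __name__ == "__main__":
    print(demo())
```

In the unchecked form the attacker's walk over ids 1..10 wipes every persistent login on the instance; in the owned form only the attacker's own row goes. Random, non-sequential ids would slow the walk down but are not a substitute for the ownership check.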
SUSE CVE
added 2026/03/29 12:29 a.m., 4 views

SUSE CVE-2025-59028

When invalid base64 SASL data is sent, the login process is disconnected from the auth server, causing all of its active authentication sessions to fail. Invalid base64 data can therefore be used to DoS a vulnerable server and break concurrent logins. Install a fixed version or disable concurrency in login processes hea...

CVSS 5.3, AI score 5.9, EPSS 0.00447
Exploits: 0, References: 4
AlpineLinux
added 2026/03/27 8:10 a.m., 2 views

CVE-2025-59028

When invalid base64 SASL data is sent, the login process is disconnected from the auth server, causing all of its active authentication sessions to fail. Invalid base64 data can therefore be used to DoS a vulnerable server and break concurrent logins. Install a fixed version or disable concurrency in login processes hea...

CVSS 7.5, AI score 5.9, EPSS 0.00447
Exploits: 0, References: 1
UbuntuCve
added 2026/03/27 12:00 a.m., 6 views

CVE-2025-59028

When invalid base64 SASL data is sent, the login process is disconnected from the auth server, causing all of its active authentication sessions to fail. Invalid base64 data can therefore be used to DoS a vulnerable server and break concurrent logins. Install a fixed version or disable concurrency in login processes hea...

CVSS 7.5, AI score 5.9, EPSS 0.00447
Exploits: 0, References: 2
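The three CVE-2025-59028 entries above describe the same failure mode: one client's malformed base64 takes down the login process's shared connection to the auth server, so every other login in flight fails too. The following is an added example, not Dovecot's code: a strict SASL PLAIN decoder plus a small model of that topology, showing the difference between treating a decode error as a per-session rejection and treating it as a fault on the shared link. Names, the in-memory model and the credential strings are assumptions and constructed sample input.

```python
"""Added example (not Dovecot's code): strict SASL PLAIN decoding and fault
isolation between concurrent logins that share one connection to the auth
server, the topology the advisory describes (one login process, many client
sessions, a single auth-server link). Names and the in-memory model are
assumptions; the credential strings are constructed sample input."""
import base64
import binascii
from typing import Dict, Optional, Set, Tuple


def decode_sasl_plain(b64: str) -> Optional[Tuple[str, str, bytes]]:
    """Strictly decode a SASL PLAIN response (RFC 4616):
    base64( [authzid] NUL authcid NUL passwd ). Returns None on any malformed input."""
    try:
        raw = base64.b64decode(b64, validate=True)  # validate=True rejects non-alphabet bytes
    except (binascii.Error, ValueError):
        return None
    parts = raw.split(b"\x00")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        return None
    try:
        return parts[0].decode("utf-8"), parts[1].decode("utf-8"), parts[2]
    except UnicodeDecodeError:
        return None


class AuthLink:
    """The single shared connection from a login process to the auth server."""
    def __init__(self) -> None:
        self.connected = True
        self.pending: Set[int] = set()   # session ids waiting for a verdict

    def submit(self, session_id: int, authcid: str, passwd: bytes) -> bool:
        if not self.connected:
            return False
        self.pending.add(session_id)
        return True

    def disconnect(self) -> Set[int]:
        """Tearing the link down aborts every authentication in flight."""
        failed, self.pending = set(self.pending), set()
        self.connected = False
        return failed


class LoginProcess:
    def __init__(self, isolate_bad_input: bool) -> None:
        self.link = AuthLink()
        self.isolate_bad_input = isolate_bad_input
        self.verdicts: Dict[int, str] = {}   # session id -> pending | rejected | aborted

    def handle(self, session_id: int, line: str) -> None:
        creds = decode_sasl_plain(line)
        if creds is None:
            if self.isolate_bad_input:
                # Hardened: a malformed response is that one session's failure.
                self.verdicts[session_id] = "rejected"
                return
            # Vulnerable: the decode error is treated as fatal for the shared link,
            # so every other session waiting on it fails too.
            for sid in self.link.disconnect():
                self.verdicts[sid] = "aborted"
            self.verdicts[session_id] = "aborted"
            return
        _authzid, authcid, passwd = creds
        ok = self.link.submit(session_id, authcid, passwd)
        self.verdicts[session_id] = "pending" if ok else "aborted"


def plain_response(authcid: str, passwd: str) -> str:
    """Encode a SASL PLAIN response with an empty authzid."""
    return base64.b64encode(b"\x00" + authcid.encode() + b"\x00" + passwd.encode()).decode()


def scenario(isolate_bad_input: bool) -> Dict[int, str]:
    lp = LoginProcess(isolate_bad_input)
    lp.handle(1, plain_response("alice", "correct horse"))   # constructed sample input
    lp.handle(2, plain_response("bob", "battery staple"))
    lp.handle(3, "!!!not-base64!!!")                         # one client's garbage
    lp.handle(4, plain_response("carol", "hunter2"))         # arrives after the garbage
    return dict(sorted(lp.verdicts.items()))
```

The practitioner's check is the second scenario: sessions 1, 2 and 4 must still reach the auth server after session 3 sends garbage. Validating the client's bytes before they touch any shared resource is what makes the failure local; the advisory's interim workaround (no concurrency in login processes) achieves the same isolation at the cost of throughput.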
NVD
added 2026/03/07 4:15 p.m., 8 views

CVE-2026-29784

Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...

CVSS 8.8, EPSS 0.00157
Exploits: 0, References: 2
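The Ghost entry above describes one-time codes (OTCs) that could be redeemed from a login session other than the one that requested them. The following is an added example, not Ghost's code: an OTC step that binds each code to the requesting session, shown against the unbound variant, with the phishing scenario the advisory alludes to. `LoginSessions` stands in for a /session/verify-style flow; all names and the in-memory store are assumptions.

```python
"""Added example (not Ghost's code): a one-time-code (OTC) login step that binds
each code to the session that requested it, so a code phished from the victim
cannot be redeemed from the attacker's own session. `LoginSessions` stands in
for a /session/verify-style flow; names and the in-memory store are assumptions."""
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

OTC_TTL_SECONDS = 300


@dataclass
class PendingLogin:
    email: str
    code: str
    issued_at: float
    used: bool = False


class LoginSessions:
    def __init__(self, bind_to_session: bool) -> None:
        self.bind_to_session = bind_to_session
        self.pending: Dict[str, PendingLogin] = {}   # session id -> login awaiting its code
        self.verified: Dict[str, str] = {}            # session id -> e-mail, once logged in

    @staticmethod
    def new_session() -> str:
        return secrets.token_urlsafe(24)

    def start(self, session_id: str, email: str, now: float) -> str:
        """Issue a 6-digit OTC for `email` and record which session asked for it.
        The code is returned only because this is a self-contained model; a real
        deployment sends it to the account holder out of band."""
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self.pending[session_id] = PendingLogin(email, code, now)
        return code

    def _find(self, session_id: str, code: str) -> Optional[str]:
        """Key of the pending login that `code` may redeem from `session_id`, or None."""
        if self.bind_to_session:
            # Hardened: only the presenting session's own pending login is considered.
            p = self.pending.get(session_id)
            if p is not None and hmac.compare_digest(p.code.encode(), code.encode()):
                return session_id
            return None
        # Vulnerable: any pending login whose code matches is accepted,
        # regardless of which session presents it.
        for key, p in self.pending.items():
            if hmac.compare_digest(p.code.encode(), code.encode()):
                return key
        return None

    def verify(self, session_id: str, code: str, now: float) -> bool:
        key = self._find(session_id, code)
        if key is None:
            return False
        p = self.pending[key]
        if p.used or now - p.issued_at > OTC_TTL_SECONDS:
            return False
        p.used = True                         # single use
        self.verified[session_id] = p.email   # the presenting session is now logged in
        return True


def scenario(bind_to_session: bool) -> Dict[str, bool]:
    """Victim requests a code; the attacker phishes it and redeems it from a different session."""
    ls = LoginSessions(bind_to_session)
    t0 = 1_700_000_000.0   # constructed timestamp
    victim, attacker = ls.new_session(), ls.new_session()
    code = ls.start(victim, "owner@example.com", t0)
    out = {
        "attacker_redeems": ls.verify(attacker, code, t0 + 30),
        "attacker_logged_in": attacker in ls.verified,
    }
    out["victim_redeems"] = ls.verify(victim, code, t0 + 60)   # fails if the attacker burned it
    out["replay_after_use"] = ls.verify(victim, code, t0 + 90)
    return out
```

Binding the code to the requesting session closes the case where the victim starts the login and is talked out of the code. It does not help when the attacker starts the login in their own session and phishes the delivered code from the victim; that case needs the delivery message to show who asked and from where, and a short TTL, which the model also enforces.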
RedhatCVE
added 2026/01/09 12:28 p.m., 8 views

CVE-2018-12580

library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['useragent'] in the "Login Sessions" feature...

CVSS 6.1, AI score 7, EPSS 0.00647
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-4540

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00647
Exploits: 0, References: 2
OSV
added 2025/01/11 7:15 a.m., 4 views

CVE-2024-42170

HCL MyXalytics is affected by a session fixation vulnerability. An attacker can exploit it by sending the victim a crafted URL carrying a session token; once the victim logs in with that token, the attacker can access the victim's login session...

CVSS 6.8, AI score 5.8
Exploits: 0, References: 1
Vulnrichment
added 2024/03/28 3:39 p.m., 18 views

CVE-2023-42913

This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions...

AI score 6.1, EPSS 0.0054
Exploits: 0, References: 1
CVE
added 2024/03/28 3:39 p.m., 77 views

CVE-2023-42913

CVE-2023-42913 affects macOS versions before Sonoma 14.2: Remote Login sessions may obtain Full Disk Access due to an issue in state management. Apple and Red Hat/NVD references indicate the vulnerability is addressed in macOS Sonoma 14.2 (with fixes applied to Remote Login/session handling). The root cause...

CVSS 8.8, AI score 8.2, EPSS 0.0054
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2023/04/13 12:00 a.m., 27 views

Fortinet Fortigate (FG-IR-22-444)

The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-444 advisory. - An improper restriction of excessive authentication attempts vulnerability CWE-307 in Fortinet FortiOS version 7.2.0 throug...

CVSS 8.8, AI score 8, EPSS 0.00405
Exploits: 0, References: 2
Cvelist
added 2023/04/11 4:07 p.m., 23 views

CVE-2022-43947

An improper restriction of excessive authentication attempts vulnerability CWE-307 in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-forc...

CVSS 5, AI score 8.9, EPSS 0.00405
Exploits: 0, References: 1
Fortinet
added 2023/04/11 12:00 a.m., 62 views

Protect

An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiOS & FortiProxy administrative interface may allow an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions...

CVSS 6.5, AI score 8.4, EPSS 0.00405
Exploits: 0, Affected Software: 3
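The three FG-IR-22-444 / CVE-2022-43947 entries above describe a lockout that an attacker holding a valid account could sidestep while brute-forcing other accounts. The following is an added example, not Fortinet's code: a lockout counter keyed by the target account, contrasted with one kept on the requester's session. The advisory gives no mechanism detail, so the session-keyed variant is an assumed illustration of how such a bypass can arise; all names and thresholds are assumptions.

```python
"""Added example (not Fortinet's code): an account-lockout counter keyed by the
target account rather than by the requester's session, so holding a valid
session for some other account gives no way to reset or sidestep the count.
The advisory gives no mechanism detail; the 'counter kept on the requester's
session' variant shown as the vulnerable form is an assumed illustration of
how such a bypass can arise. All names and thresholds are assumptions."""
from collections import defaultdict
from typing import Dict, Optional

MAX_FAILURES = 5
LOCKOUT_SECONDS = 600


class LoginThrottle:
    def __init__(self, key_by_target: bool) -> None:
        self.key_by_target = key_by_target
        self.failures: Dict[str, int] = defaultdict(int)
        self.locked_until: Dict[str, float] = {}

    def _key(self, target_account: str, requester_session: Optional[str]) -> str:
        if self.key_by_target:
            return f"acct:{target_account}"   # hardened: the target is what we protect
        # Vulnerable (assumed pattern): state lives on the requester's session,
        # so every fresh valid session starts with a clean slate.
        return f"sess:{requester_session}"

    def attempt(self, target_account: str, password_ok: bool, now: float,
                requester_session: Optional[str] = None) -> str:
        """Returns 'locked', 'ok' or 'bad'. A locked account rejects even a correct password."""
        key = self._key(target_account, requester_session)
        if self.locked_until.get(key, 0.0) > now:
            return "locked"
        if password_ok:
            self.failures.pop(key, None)
            return "ok"
        self.failures[key] += 1
        if self.failures[key] >= MAX_FAILURES:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            self.failures.pop(key, None)
        return "bad"


def brute_force(key_by_target: bool, guesses: int = 20) -> int:
    """An attacker with a valid account rotates through fresh sessions of their own
    while guessing 'admin'. Returns how many guesses the throttle let through
    to password evaluation."""
    th = LoginThrottle(key_by_target)
    evaluated = 0
    for i in range(guesses):
        session = f"attacker-session-{i // 4}"   # a new valid session every 4 guesses
        verdict = th.attempt("admin", password_ok=False, now=1000.0 + i,
                             requester_session=session)
        if verdict != "locked":
            evaluated += 1
    return evaluated
```

With the counter on the target account, the attacker gets MAX_FAILURES guesses and no more, whatever sessions they hold. The caveat a practitioner should keep in mind: a per-account lockout is itself a denial-of-service lever against administrator accounts, so pair it with per-source throttling and progressive delays rather than relying on it alone.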
OSV
added 2021/11/08 3:15 p.m., 14 views

CVE-2021-25979

Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...

CVSS 9.8, AI score 6.6
Exploits: 0, References: 1
Prion
added 2021/11/08 3:15 p.m., 23 views

Session fixation

Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...

CVSS 7.5, AI score 9.2, EPSS 0.01103
Exploits: 0, References: 1, Affected Software: 1
RedHat Linux
added 2021/10/19 8:23 p.m., 3 views

jenkins: session fixation vulnerability

A session fixation vulnerability was found in Jenkins. The existing session is not invalidated during the login process, which lets an attacker potentially gain additional access to Jenkins by using social engineering techniques on a target user...

CVSS 7.5, AI score 7.1, EPSS 0.01706
Exploits: 0, References: 5
RedHat Linux
added 2021/08/17 12:16 p.m., 3 views

jenkins: session fixation vulnerability

A session fixation vulnerability was found in Jenkins. The existing session is not invalidated during the login process, which lets an attacker potentially gain additional access to Jenkins by using social engineering techniques on a target user...

CVSS 7.5, AI score 7, EPSS 0.01706
Exploits: 0, References: 5
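The HCL MyXalytics (CVE-2024-42170) and Jenkins entries above are session fixation: the session id the browser held before login stays valid after login. The Apostrophe CMS (CVE-2021-25979) entries are the mirror image: sessions that should die when the password changes or the account is disabled stay valid. The following is an added example, not the code of any of those projects, serving all of those entries: a session store that rotates the id at login and revokes a user's sessions on credential change, each alongside the vulnerable behaviour. Names and the in-memory store are assumptions.

```python
"""Added example (not the code of Jenkins, Apostrophe CMS or HCL MyXalytics):
a session store that (1) issues a fresh session id at login instead of
upgrading the id the browser presented, which defeats the crafted-URL session
fixation the HCL MyXalytics and Jenkins entries describe, and (2) revokes a
user's other sessions on password change or account disable, the gap the
Apostrophe entry describes. Names and the in-memory store are assumptions."""
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Session:
    user: Optional[str] = None   # None until the session has authenticated


class SessionStore:
    def __init__(self, rotate_on_login: bool, revoke_on_credential_change: bool) -> None:
        self.rotate_on_login = rotate_on_login
        self.revoke_on_credential_change = revoke_on_credential_change
        self.sessions: Dict[str, Session] = {}
        self.disabled: Set[str] = set()

    def anonymous(self, session_id: Optional[str] = None) -> str:
        """A browser arrives either with an id it already holds (possibly one planted
        via a crafted URL) or gets a fresh pre-authentication id."""
        sid = session_id or secrets.token_urlsafe(24)
        self.sessions.setdefault(sid, Session())
        return sid

    def login(self, presented_id: str, user: str) -> str:
        """Authenticate `user`; returns the id the browser must use from now on."""
        if user in self.disabled:
            raise PermissionError("account disabled")
        if self.rotate_on_login:
            # Hardened: the pre-auth id dies here; whoever planted it holds a dead id.
            self.sessions.pop(presented_id, None)
            sid = secrets.token_urlsafe(24)
            self.sessions[sid] = Session(user)
            return sid
        # Vulnerable: the presented, possibly attacker-known id is upgraded in place.
        self.sessions[presented_id] = Session(user)
        return presented_id

    def user_of(self, session_id: str) -> Optional[str]:
        s = self.sessions.get(session_id)
        return s.user if s else None

    def sessions_of(self, user: str) -> List[str]:
        return [sid for sid, s in self.sessions.items() if s.user == user]

    def change_password(self, current_session: str, user: str) -> int:
        """Revoke every other session of `user`; returns how many were revoked."""
        if not self.revoke_on_credential_change:
            return 0   # vulnerable: a session on a compromised device lives on
        others = [sid for sid in self.sessions_of(user) if sid != current_session]
        for sid in others:
            del self.sessions[sid]
        return len(others)

    def disable_user(self, user: str) -> int:
        """Block future logins and (hardened form) revoke all current sessions."""
        self.disabled.add(user)
        if not self.revoke_on_credential_change:
            return 0
        victims = self.sessions_of(user)
        for sid in victims:
            del self.sessions[sid]
        return len(victims)


def fixation_scenario(rotate_on_login: bool) -> bool:
    """True if the attacker ends up holding an authenticated session for the victim."""
    store = SessionStore(rotate_on_login, revoke_on_credential_change=True)
    planted = store.anonymous()       # attacker obtains a valid pre-auth id
    store.anonymous(planted)          # victim follows the crafted URL carrying it
    store.login(planted, "victim")    # victim logs in from that session
    return store.user_of(planted) == "victim"


def lockout_scenario(revoke_on_credential_change: bool) -> Dict[str, bool]:
    """Can a session on a compromised device be cut off by password change / disable?"""
    store = SessionStore(rotate_on_login=True,
                         revoke_on_credential_change=revoke_on_credential_change)
    stolen = store.login(store.anonymous(), "victim")   # session on the compromised device
    mine = store.login(store.anonymous(), "victim")     # owner's own fresh login
    store.change_password(mine, "victim")
    after_change = store.user_of(stolen) == "victim"
    store.disable_user("victim")
    after_disable = store.user_of(stolen) == "victim"
    return {"stolen_valid_after_password_change": after_change,
            "stolen_valid_after_disable": after_disable}
```

Two checks worth running against a real application: log in with a session cookie you set yourself and confirm the server hands back a different one; then change the password from a second browser and confirm the first browser is logged out. A store that keys sessions only by opaque id with no user index cannot implement the second check, which is usually why it is missing.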
OpenVAS
added 2020/02/24 12:00 a.m., 12 views

Linux: Read pam_limits module config files (KB)

The pam_limits.so module applies ulimit resource limits, nice priority and a maximum number of simultaneous login sessions to user login sessions. This description of the configuration file syntax applies to the /etc/security/limits.conf file and to .conf files in the /etc/security/limits.d directory. Note: This...

AI score 7
Exploits: 0, References: 1
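The OpenVAS entry above collects the limits.conf files that pam_limits reads, among other things for the per-user cap on simultaneous login sessions. The following is an added example, not part of the OpenVAS check: a parser for the `<domain> <type> <item> <value>` syntax and a resolver that reports the effective `maxlogins` value for a user. The sample file is constructed. The precedence it applies (explicit user line over @group line over the `*` default, and no group or wildcard line applying to root) is taken from limits.conf(5); the tie-break "last matching line at a level wins" is an assumption of this example, and the %group, :uid and uid-range domains are not handled.

```python
"""Added example (not part of the OpenVAS check): a parser for the limits.conf
syntax the entry describes, plus a resolver for the effective `maxlogins`
value of a user. SAMPLE is constructed, not a real host's file. Precedence
(explicit user line over @group line over the `*` default, and no group or
wildcard line applying to root) follows limits.conf(5); the tie-break
'last matching line at a level wins' is an assumption of this example.
Domains such as %group, :uid and uid ranges are not handled here."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence


@dataclass
class Limit:
    domain: str    # "alice", "@users" or "*"
    kind: str      # "hard", "soft" or "-" (both)
    item: str      # "maxlogins", "nofile", "nproc", ...
    value: str     # numeric string or "unlimited"
    line_no: int


def parse_limits(text: str) -> List[Limit]:
    """Parse `<domain> <type> <item> <value>` lines; '#' starts a comment, blank lines are skipped."""
    out: List[Limit] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"line {n}: expected 4 fields, got {len(fields)}: {raw!r}")
        domain, kind, item, value = fields
        if kind not in ("hard", "soft", "-"):
            raise ValueError(f"line {n}: unknown limit type {kind!r}")
        out.append(Limit(domain, kind, item.lower(), value, n))
    return out


def effective_limit(limits: Sequence[Limit], user: str, groups: Sequence[str],
                    item: str, kind: str = "hard") -> Optional[str]:
    """Value of `item` that pam_limits would apply to `user`; None means no line applies."""
    hits = [lim for lim in limits if lim.item == item and lim.kind in (kind, "-")]
    user_lines = [lim for lim in hits if lim.domain == user]
    group_lines = [lim for lim in hits if lim.domain.startswith("@") and lim.domain[1:] in groups]
    default_lines = [lim for lim in hits if lim.domain == "*"]
    # limits.conf(5): group and wildcard limits are not applied to root.
    levels = [user_lines] if user == "root" else [user_lines, group_lines, default_lines]
    for level in levels:
        if level:
            return level[-1].value   # assumption: last matching line at a level wins
    return None


SAMPLE = """\
# constructed sample, not a real host's file
*          soft  nofile     4096
*          hard  nofile     65536
@users     hard  maxlogins  4
@ops       hard  maxlogins  10
alice      hard  maxlogins  2      # explicit user line beats her groups
bob        -     maxlogins  unlimited
"""


def report(text: str = SAMPLE) -> Dict[str, Optional[str]]:
    limits = parse_limits(text)
    return {
        "alice": effective_limit(limits, "alice", ["users", "ops"], "maxlogins"),
        "carol": effective_limit(limits, "carol", ["users"], "maxlogins"),
        "bob": effective_limit(limits, "bob", ["users"], "maxlogins"),
        "root": effective_limit(limits, "root", ["wheel"], "maxlogins"),
    }


if __name__ == "__main__":
    for user, value in report().items():
        print(f"{user}: maxlogins={value if value is not None else 'not enforced'}")
```

The output worth auditing is the `None` and `unlimited` rows: those are the users for whom no session cap is enforced, which on a shared host is what a credential-stuffing or resource-exhaustion review is looking for. Note that the file is only consulted when pam_limits is actually in the PAM stack for the login service.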
The Hacker News
added 2018/09/13 1:15 p.m., 141 views

How To Check If Your Twitter Account Has Been Hacked

Did you ever wonder if your Twitter account has been hacked and who had managed to gain access and when it happened? Twitter now lets you know this. After Google and Facebook, Twitter now lets you see all the devices—laptop, phone, tablet, and otherwise—logged into your Twitter account. Twitter h...

AI score 7.6
Exploits: 0
CNVD
added 2018/06/21 12:00 a.m., 1 view

DragonByte vBSecurity for vBulletin Cross-Site Scripting Vulnerability

DragonByte vBSecurity for vBulletin is a suite of vBulletin-based security protection software for web sites from DragonByte Technologies, Scotland. The software monitors configuration file changes, user logins, and alerts you when your website's security is threatened. A cross-site scripting...

CVSS 6.1, AI score 5.8, EPSS 0.00647
Exploits: 0, References: 1