27 matches found
CVE-2026-56774
What is affected: Kanboard up to version 1.2.52. Root cause: UserViewController::removeSession does not validate the session id before calling RememberMeSessionModel::remove. Impact: Authenticated users can enumerate sequential session IDs to mass-invalidate persistent login sessions (including a...
SUSE CVE-2025-59028
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
CVE-2025-59028
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
CVE-2025-59028
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
CVE-2026-29784
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...
CVE-2018-12580
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session'useragent' in the "Login Sessions" feature...
EUVD-2018-4540
Malware in sbrugna...
CVE-2024-42170
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session...
CVE-2023-42913
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions...
CVE-2023-42913
CVE-2023-42913 affects macOS Sonoma 14.2 where remote Login sessions may obtain full disk access due to an issue in state management. Apple and Red Hat/NVD references indicate the vulnerability is addressed in macOS Sonoma 14.2 (with fixes applied to Remote Login/session handling). The root cause...
Fortinet Fortigate (FG-IR-22-444)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-444 advisory. - An improper restriction of excessive authentication attempts vulnerability CWE-307 in Fortinet FortiOS version 7.2.0 throug...
CVE-2022-43947
An improper restriction of excessive authentication attempts vulnerability CWE-307 in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-forc...
Protect
An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiOS & FortiProxy administrative interface may allow an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions...
CVE-2021-25979
Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...
Session fixation
Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...
jenkins: session fixation vulnerability
Session fixation vulnerability was found in Jenkins. The existing session on login process are not invalidated and this allows an attacker to gain potentially additional access on Jenkins by using social engineering attack techniques on a target user...
jenkins: session fixation vulnerability
Session fixation vulnerability was found in Jenkins. The existing session on login process are not invalidated and this allows an attacker to gain potentially additional access on Jenkins by using social engineering attack techniques on a target user...
Linux: Read pam_limits module config files (KB)
The pamlimits.so module applies ulimit limits, nice priority and number of simultaneous login sessions limit to user login sessions. This description of the configuration file syntax applies to the /etc/security/limits.conf file and .conf files in the /etc/security/limits.d directory. Note: This...
How To Check If Your Twitter Account Has Been Hacked
Did you ever wonder if your Twitter account has been hacked and who had managed to gain access and when it happened? Twitter now lets you know this. After Google and Facebook, Twitter now lets you see all the devices—laptop, phone, tablet, and otherwise—logged into your Twitter account. Twitter h...
DragonByte vBSecurity for vBulletin Cross-Site Scripting Vulnerability
DragonByte vBSecurity for vBulletin is a suite of vBulletin-based security protection software for web sites from DragonByte Technologies, Scotland. The software monitors configuration file changes, user logins, and alerts you when your website's security is threatened. A cross-site scripting...