Lucene search
K

33 matches found

CVE
CVE
added yesterday14 views

CVE-2026-15389

Sesame Time web app and its REST v3 API expose an access-control weakness in session management: USID is used as the sole validator without verifying ownership, enabling session impersonation when a valid USID is obtained. The flaw is worsened by poor session lifecycle management, as new logins g...

8.7CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added yesterday19 views

CVE-2026-15389 Inadequate access control in Sesame Time session management

A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier USID as the sole validation mechanism, without verifying whether that...

8.7CVSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51391

Name of the Vulnerable Software and Affected Versions Filament versions 4.0.0 through 4.11.4 Filament versions prior to 5.6.5 Description A flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This...

7.4CVSS5.9AI score0.00193EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/21 6:30 p.m.37 views

CVE-2026-22751 Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions

Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....

4.8CVSS0.00124EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/17 3:31 p.m.5 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the authentication process. An attacker can gain unauthorized access to multiple authenticated...

6.9CVSS5.8AI score0.00145EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 12:16 p.m.7 views

CVE-2026-3590

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

6.5CVSS0.00145EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 11:0 a.m.4 views

CVE-2026-3590

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

6.5CVSS5.8AI score0.00145EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/15 11:0 a.m.2 views

CVE-2026-3590 Race Condition in Guest Magic Link Authentication Allows Token Reuse

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

6.5CVSS6.6AI score0.00145EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.13 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 10.11.12 and earlier of the 10.11.x series, as well as versions 11.5.0 and earlier of the 11.5.x series, 11.4.2 and earlier of the 11.4.x series, and 11.3...

6.5CVSS5.8AI score0.00145EPSS
Exploits0References2
OSV
OSV
added 2026/04/06 2:49 p.m.2 views

BIT-PARSE-2026-34224 Parse Server: MFA single-use token bypass via concurrent authData login requests

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0, an attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple authenticated...

4.4CVSS5.9AI score0.00311EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/31 2:25 p.m.3 views

CVE-2026-34224

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8, an attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple...

2.1CVSS5.8AI score0.00311EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/31 2:25 p.m.4 views

CVE-2026-34224 Parse Server: MFA single-use token bypass via concurrent authData login requests

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8, an attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple...

2.1CVSS5.8AI score0.00311EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.10 views

PT-2026-28613

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.64 Parse Server versions prior to 9.7.0-alpha.8 Description Parse Server is an open source backend deployable on Node.js infrastructure. An attacker with a valid authentication provider token and a single MFA...

4.4CVSS5.9AI score0.00311EPSS
Exploits0References12
Metasploit
Metasploit
added 2026/03/13 6:57 p.m.252 views

FreePBX filestore authenticated command injection

This module exploits an authenticated command injection vulnerability CVE-2025-64328 in the FreePBX filestore module. The filestore module allows administrators to configure remote file storage backends SSH, FTP, etc. for backup and file management purposes. The vulnerability exists in the SSH...

8.6CVSS6.1AI score0.84618EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 a.m.10 views

CVE-2025-55705

This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration...

9.8CVSS5.3AI score0.003EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 10:32 p.m.3 views

CVE-2025-55705 EVMAPA Insufficient Session Expiration

This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration...

7.3CVSS5.5AI score0.003EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/08 10:20 p.m.3 views

Cross-site Scripting (XSS)

Overview github.com/zitadel/zitadel/internal/api/oidc is a package for identity infrastructure Affected versions of this package are vulnerable to Cross-site Scripting XSS via the postlogoutredirect parameter in the logout process. An attacker can execute arbitrary JavaScript code in the context ...

8CVSS5.6AI score0.00265EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/25 12:6 a.m.9 views

CVE-2025-0251 HCL IEM is affected by a concurrent login vulnerability

HCL IEM is affected by a concurrent login vulnerability. The application allows multiple concurrent sessions using the same user credentials, which may introduce security risks...

2.6CVSS0.00205EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/25 12:0 a.m.7 views

PT-2025-30714 · Hcl · Hcl Iem

Name of the Vulnerable Software and Affected Versions: HCL IEM affected versions not specified Description: The application allows multiple concurrent sessions using the same user credentials, potentially introducing security risks. Recommendations: At the moment, there is no information about a...

2.6CVSS6.3AI score0.00205EPSS
Exploits0References1
OSV
OSV
added 2025/03/19 3:15 p.m.10 views

CVE-2024-42176

HCL MyXalytics is affected by concurrent login vulnerability. A concurrent login vulnerability occurs when simultaneous active sessions are allowed for a single credential allowing an attacker to potentially obtain access to a user's account or sensitive information...

8CVSS5.8AI score0.00212EPSS
Exploits0References1
Rows per page
Query Builder