Lucene search
+L

6 matches found

curl
curl
added 2026/06/24 8:0 a.m.10 views

stale proxy password leak

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS5.8AI score0.01064EPSS
Exploits1References1Affected Software2
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.10 views

PT-2026-51752

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description A flaw exists where the software fails to clear proxy authentication credentials when instructed to do so. This results in old credentials remaining available and potentially being used for...

9.8CVSS5.8AI score0.0108EPSS
Exploits6References70
euvd
euvd
added 2025/12/31 9:30 p.m.8 views

EUVD-2025-206077

KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms...

7.5CVSS6.5AI score0.00378EPSS
Exploits1References12
cve
cve
added 2025/12/31 6:40 p.m.12 views

CVE-2021-47740

CVE-2021-47740 affects KZTech JT3500V 4G LTE CPE 2.0.1. The issue is a session management vulnerability where the device accepts and reuses old session credentials without proper expiration, due to weak session handling. Impact stated in sources includes unauthorized access and potential compromi...

7.5CVSS6.7AI score0.00378EPSS
Exploits1References7
bdu_fstec
bdu_fstec
added 2025/02/05 12:0 a.m.5 views

The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to an incorrect session timeout restriction, allowing attackers to gain unauthorized access to the system.

The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to incorrect time-out restrictions on sessions. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the system using o...

9CVSS5.5AI score
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2024/06/08 12:0 a.m.4 views

ZenML Code Issue Vulnerability

ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A code issue vulnerability exists in ZenML version 0.56.3 that stems from an insufficient session validity period. An attacker exploiting this vulnerability could reuse old sessi...

8.8CVSS7AI score0.00405EPSS
Exploits1References2
Rows per page
Query Builder