
Positive Technologies · added 2026/04/08 12:00 a.m.

PT-2026-31070

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

CVSS 4.1 · AI score 5.9 · EPSS 0.00015
Exploits: 0 · References: 2
Vulnrichment · added 2025/10/31 1:42 p.m.

CVE-2025-64386 HIJACKING OF THE TOKEN AND GAINING ACCESS

The equipment issues a JWT for each connection in the timeline, but the token can be hijacked during an active, valid session. This allows an attacker holding the token to modify security parameters, gain access, or even steal the session without the legitimate and active session...

CVSS 7.7 · AI score 6.5 · EPSS 0.00045
Exploits: 0 · References: 3
Cvelist · added 2025/10/27 9:22 p.m.

CVE-2025-62781 PILOS is missing session regeneration after password change

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently active one. However, the current session’s...

CVSS 5 · EPSS 0.00028
Exploits: 0 · References: 1
NVD · added 2025/09/17 5:15 p.m.

CVE-2025-35433

CISA Thorium does not properly invalidate previously used tokens when resetting passwords. An attacker that possesses a previously used token could still log in after a password reset. Fixed in 1.1.1...

CVSS 8.8 · EPSS 0.00083
Exploits: 0 · References: 4
Positive Technologies · added 2024/04/10 12:00 a.m.

PT-2024-18409 · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary (affected versions not specified). Description: The issue allows a removed user to change the organization name without proper authorization, due to the lack of validation to check whether a user is still part of an organization befor...

CVSS 7.5 · AI score 7.5 · EPSS 0.00101
Exploits: 1 · References: 9
CNNVD · added 2024/04/10 12:00 a.m.

lunary authorization issue vulnerability

Lunary is an open source production toolkit for LLMs. An authorization vulnerability exists in lunary version 1.0.1 that stems from allowing deleted members to read, create, modify, and delete prompt templates using an old authorization token. An attacker can exploit this vulnerabilit...

CVSS 9.1 · AI score 6.8 · EPSS 0.00161
Exploits: 1 · References: 2
FreeBSD · added 2016/05/20 12:00 a.m.

mediawiki -- multiple vulnerabilities

Mediawiki reports: Security fixes:
T122056: Old tokens are remaining valid within a new session
T127114: Login throttle can be tricked using non-canonicalized usernames
T123653: Cross-domain policy regexp is too narrow
T123071: Incorrectly identifying http link in a's href attributes, due to m...

AI score 2.4
Exploits: 0 · References: 1