Lucene search
K

23 matches found

NVD
NVD
added 2026/05/27 11:16 p.m.14 views

CVE-2026-45322

Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.runshell passes a command string...

7.8CVSS0.01722EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:32 p.m.40 views

CVE-2026-45322 OS Command Injection in Microsoft UFO Shell Action Replay via Stored Session JSON

Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.runshell passes a command string...

7.8CVSS0.01722EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.12 views

PT-2026-28576

Name of the Vulnerable Software and Affected Versions MCP Ruby SDK versions prior to 0.9.2 Description The Ruby SDK for Model Context Protocol servers and clients contains a session hijacking issue in its streamable http transport.rb implementation. An attacker obtaining a valid session ID can...

8.2CVSS5.9AI score0.00465EPSS
Exploits1References14
Snyk
Snyk
added 2026/03/26 6:32 p.m.3 views

Session Fixation

Overview Affected versions of this package are vulnerable to Session Fixation in the authentication process when callbackmode is set to direct. An attacker can gain unauthorized access to a victim's session by initiating an authentication request and tricking the victim into visiting a crafted UR...

9.6CVSS5.9AI score0.00411EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.6 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005004)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005004 advisory. In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a Use-after-Free found...

8.4CVSS5.7AI score0.00239EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-8782

Malware in sbrugna...

4.9CVSS5.2AI score0.00828EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/05/23 3:5 a.m.4 views

SUSE CVE-2021-47232

In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a Use-after-Free found by the syzbot. The problem is that a skb is taken from the per-session skb queue, without incrementing the ref count. This leads to...

8.4CVSS6.4AI score0.00239EPSS
Exploits0References3
OSV
OSV
added 2024/05/21 3:15 p.m.23 views

UBUNTU-CVE-2021-47232

In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a Use-after-Free found by the syzbot. The problem is that a skb is taken from the per-session skb queue, without incrementing the ref count. This leads to...

8.4CVSS5.7AI score0.00239EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.5 views

Jenkins Security Inspector Plugin 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...

8.8CVSS7.8AI score0.00372EPSS
Exploits0References3
OSV
OSV
added 2022/08/23 5:15 a.m.4 views

DEBIAN-CVE-2022-25304

All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited numb...

7.5CVSS7.3AI score0.01063EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/23 5:1 a.m.4 views

CVE-2022-25304

All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited numb...

7.5CVSS7.1AI score0.01063EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/08/23 5:0 a.m.8 views

CVE-2022-24381

All versions of package asneg/opcuastack are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g...

7.5CVSS7.1AI score0.00734EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/23 12:0 a.m.3 views

ASNeG OPC UA Stack 安全漏洞

ASNeG OPC UA Stack is an open source framework open source by ASNeG Germany. It is used to develop and distribute OPC UA client/server applications. A security vulnerability exists in ASNeG OPC UA Stack that stems from the lack of a limit on the number of received blocks total number per session ...

7.5CVSS5.6AI score0.00734EPSS
Exploits0References2
Snyk
Snyk
added 2022/08/22 11:15 a.m.3 views

Denial of Service (DoS)

Overview node-opcua is an implementation of a OPC UA stack fully written in javascript and nodejs Affected versions of this package are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An...

7.5CVSS7AI score0.01167EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/06/16 12:0 a.m.5 views

PT-2024-11240 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a Use-after-Free problem in the Linux kernel, specifically in the can: j1939 module. The problem occurs when a skb is taken from the per-session skb queue witho...

8.4CVSS7.8AI score0.00239EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.26 views

F5 Networks BIG-IP : BIG-IP APM logging disclosure vulnerability (K37890841)

The BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled.CVE-2019-19150 Impact The BIG-IP APM system logs the client-session-id in the log files and is available to authenticated administrators of the system. C Tenable...

4.9CVSS5.3AI score0.00828EPSS
Exploits0References2
OSV
OSV
added 2019/12/23 6:15 p.m.4 views

CVE-2019-19150

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled...

4.9CVSS5.8AI score0.00828EPSS
Exploits0References1
OSV
OSV
added 2019/12/17 2:15 p.m.5 views

CVE-2019-18833

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure issue 2 of 2.. The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An...

5.9CVSS6.2AI score0.00365EPSS
Exploits1References2
Prion
Prion
added 2019/02/26 6:29 p.m.11 views

Design/Logic Flaw

The ETSI Enterprise Transport Security ETS, formerly known as eTLS protocol does not provide per-session forward secrecy...

4.3CVSS5.8AI score0.01522EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/02/26 6:0 p.m.13 views

CVE-2019-9191

The ETSI Enterprise Transport Security ETS, formerly known as eTLS protocol does not provide per-session forward secrecy...

5.8AI score0.01522EPSS
Exploits0References2
Rows per page
Query Builder