Lucene search
K

38 matches found

Vulnrichment
Vulnrichment
added 2026/02/25 9:35 p.m.4 views

CVE-2026-27575 Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An...

9.1CVSS5.9AI score0.00428EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/25 9:35 p.m.1 views

CVE-2026-27575

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An...

9.1CVSS5.8AI score0.00428EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/25 9:35 p.m.23 views

CVE-2026-27575 Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An...

9.1CVSS0.00428EPSS
Exploits1References2
OSV
OSV
added 2026/02/25 9:35 p.m.4 views

CVE-2026-27575 Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An...

9.1CVSS5.6AI score0.00428EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/25 12:0 a.m.10 views

Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Summary The application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account via brute-force or credential stuffing can mainta...

9.1CVSS5.4AI score0.00428EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

Vikunja 代码问题漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.0.0 had code vulnerabilities. These vulnerabilities stemmed from allowing the setting of weak passwords, where user-changed passwords still allowed active sessions to remain valid,...

9.1CVSS7.3AI score0.00428EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/29 3:6 a.m.11 views

CVE-2025-66289 OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change

OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...

8.7CVSS0.00241EPSS
Exploits0References1
OSV
OSV
added 2025/11/14 8:50 p.m.1 views

GHSA-X7RP-QJ2H-GHGW Flowise Fails to Invalidate Existing Sessions After Password Changes

Summary Failure to Invalidate Existing Sessions After Password Change Persistent Session / Session Invalidity Failure. Details After a user changes their password, the application does not invalidate other active sessions or session tokens that were established before the change. An attacker who...

8.1CVSS6.3AI score0.00266EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/21 11:11 p.m.12 views

CVE-2004-2767

NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service connection slot exhaustion by establishing many FTP sessions that persist for the lifetime of a DS session...

4.3CVSS7AI score0.0149EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2024/01/19 12:0 a.m.11 views

Spring Security 6.3 Adds Passive JDK Serialization/Deserialization for Seamless Upgrades

In the early versions of Spring Security, a deliberate decision was made to avoid providing any guarantee of compatibility for serialized classes via JDK serialization between different versions of the project. This decision primarily took into account the context of RMI, with the recommendation...

7AI score
Exploits0
Huntr
Huntr
added 2021/10/14 4:45 p.m.10 views

in forkcms/forkcms

Description Insufficient Session expiration even after Credential like password of the account is being updated. Proof of Concept open the same account in multiple browsers. change the password in one Browser. Reload the other one. as a result we can see the account on the other browser is not...

3.7AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/13 4:53 a.m.17 views

Security Bulletin: Vulnerability in WebSphere Commerce related to persistent sessions and personalization IDs. (CVE-2012-3300)

Question Security Bulletin: Vulnerability in WebSphere Commerce related to persistent sessions and personalization IDs. CVE-2012-3300 | -9F7F4EC1049C904F85257A77006D19A9- | Answer Flash Alert Abstract WebSphere Commerce contains a security vulnerability related to its use of persistent sessions a...

2.6CVSS0.4AI score0.01314EPSS
Exploits1Affected Software1
OSV
OSV
added 2019/06/19 4:15 p.m.5 views

CVE-2018-19878

An issue was discovered on Teltonika RTU950 R31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory...

6.5CVSS5.8AI score0.01191EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/02/24 12:0 a.m.233 views

Apache Tomcat 6.0.x < 6.0.45 Multiple Vulnerabilities

According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x prior to 6.0.45. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the getResource, getResourceAsStream, and getResourcePaths...

8.8CVSS7.2AI score0.1838EPSS
Exploits0References5
Kitploit
Kitploit
added 2015/08/10 8:39 p.m.24 views

HTTPie - a CLI, cURL-like tool for humans

HTTPie pronounced aych-tee-tee-pie is a command line HTTP client. Its goal is to make CLI interaction with web services as human-friendly as possible. It provides a simple http command that allows for sending arbitrary HTTP requests using a simple and natural syntax, and displays colorized output...

7AI score
Exploits0References12
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.30 views

Multiple Vendor TCP Sequence Number Approximation Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/10183/info A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. This issue affects products released by multiple vendors. Exploiting this issue may permit remote attackers to...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2004/04/20 12:0 a.m.30 views

Multiple Vendor - TCP Sequence Number Approximation (2)

Multiple Vendor - TCP Sequence Number Approximation 2 source: https://www.securityfocus.com/bid/10183/info A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. This issue affects products released by multiple vendors. Exploiting this issue may permit...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2004/03/05 12:0 a.m.26 views

Multiple Vendor - TCP Sequence Number Approximation (1)

Multiple Vendor - TCP Sequence Number Approximation 1 // source: https://www.securityfocus.com/bid/10183/info A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. This issue affects products released by multiple vendors. Exploiting this issue may perm...

7.4AI score
Exploits0
Rows per page
Query Builder