Lucene search
K

112 matches found

OSV
OSV
added 2026/05/19 1:29 p.m.3 views

CVE-2026-43633 HestiaCP 1.9.0-1.9.4 Deserialization RCE via Web Terminal

HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated remote attackers to achieve root-level code execution. Attackers can inject crafted data into HTTP...

9.5CVSS6.4AI score0.01072EPSS
Exploits0References8
Exploit DB
Exploit DB
added 2026/04/29 12:0 a.m.174 views

Craft CMS 5.6.16 - RCE

Exploit Title: Craft CMS 5.6.16 - RCE Google Dork: N/A Date: 2026-01-24 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Vendor Homepage: https://craftcms.com Software Link: https://github.com/craftcms/cms Version: = 3.9.14, = 4.14.14, = 5.6.16 Tested on: Linux, Apache/Nginx, PHP 8...

10CVSS8.8AI score0.99803EPSS
Exploits14
NVD
NVD
added 2026/03/20 6:16 a.m.14 views

CVE-2026-33043

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials...

8.1CVSS0.00345EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 5:52 a.m.7 views

CVE-2026-33043 AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials...

8.1CVSS5.7AI score0.00345EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.7 views

PT-2026-26000

Summary /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials: true, enabling cross-origin session theft and full account...

8.1CVSS5.9AI score0.00345EPSS
Exploits1References9
CVE
CVE
added 2026/01/06 3:52 p.m.7 views

CVE-2020-36913

All-Dynamics Software enlogic:show 2.0.2 is affected by a session-fixation vulnerability that allows an attacker to set a predefined PHP session identifier during login. By forging a crafted HTTP GET to welcome.php with a manipulated session token, an attacker can bypass authentication and potent...

8.5CVSS7AI score0.00318EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-4419

Malware in sbrugna...

7.5CVSS6.4AI score0.04382EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-1694

Malware in sbrugna...

7.5CVSS6AI score0.09017EPSS
Exploits1References20
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2010-3067

Malware in sbrugna...

5CVSS6.4AI score0.0219EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-4420

Malware in sbrugna...

7.5CVSS6.4AI score0.02041EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2007-4634

Malware in sbrugna...

4.4CVSS6.1AI score0.00607EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2012-2711

Malware in sbrugna...

2.6CVSS6.4AI score0.02168EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2014-0183

Malware in sbrugna...

2.1CVSS5.3AI score0.00383EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7684

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00394EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/09/19 6:46 p.m.4 views

CVE-2025-34188 Vasion Print (formerly PrinterLogic) Local Log Disclosure of Cleartext Sessions

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 macOS/Linux client deployments contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravelsession, are...

8.4CVSS6AI score0.00287EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 12:40 a.m.8 views

CVE-2022-40849

ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting XSS. An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's...

5.4CVSS5.7AI score0.00394EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:3 a.m.18 views

CVE-2022-24977

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHPSESSIONUPLOADPROGRESS when the PHP installation supports...

9.8CVSS7.9AI score0.06883EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:50 a.m.7 views

CVE-2017-15304

/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change...

9.8CVSS9.5AI score0.01199EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.140 views

ABB Cylon Aspect 3.08.02 - PHP Session Fixation

Exploit title: ABB Cylon Aspect 3.08.02 PHP Session Fixation Vulnerability Advisory ID: ZSL-2025-5916 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5916.php CVE ID: CVE-2024-11317 CVE URL: https://www.cve.org/CVERecord?id=CVE-2024-11317 Vendor: ABB Ltd. Product web page:...

10CVSS8.9AI score0.00436EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2016-6290

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows...

9.8CVSS8.2AI score0.0548EPSS
Exploits0References2
Rows per page
Query Builder