Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

NVD
NVDadded 2026/06/16 1:16 p.m.10 views

CVE-2026-9507

A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier OSTSESSID active after a successful login. The issue lies in the fact that the application does not invalidate the...

5.1CVSS0.00403EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/16 11:47 a.m.9 views

EUVD-2026-37079

A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier OSTSESSID active after a successful login. The issue lies in the fact that the application does not invalidate the...

5.1CVSS5.2AI score0.00403EPSS
Exploits0References1
CVE
CVEadded 2026/06/16 11:47 a.m.14 views

CVE-2026-9507

CVE-2026-9507 affects osTicket v1.18.2. A session fixation flaw arises because the application does not invalidate the pre-authentication cookie or generate a new identifier for the authenticated context (OSTSESSID). As a result, an attacker could set a known session ID in the victim’s browser an...

5.1CVSS5.2AI score0.00403EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/01 5:9 p.m.30 views

CVE-2026-45691 Nextcloud: Bypass of second factor authentication on DAV endpoints

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

5.9CVSS0.0029EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2025/11/07 5:33 p.m.3 views

CVE-2025-12485

Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does not bypass the target account MFA verification step. This issue affects the following versions :...

8.8CVSS6.8AI score0.00587EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/11/06 12:0 a.m.3 views

PT-2025-45338

Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2025.2.15.0 through 2025.3.5.0 Description A flaw exists in Devolutions Server related to improper privilege management during the handling of pre-MFA cookies. A low-privileged authenticated user can potentially...

8.8CVSS6.5AI score0.00587EPSS
Exploits0References9
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2022-30638

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00593EPSS
Exploits0References1
Cvelist
Cvelistadded 2022/05/06 4:37 p.m.22 views

CVE-2022-26070 Error message discloses internal path

When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0...

4.3CVSS4.8AI score0.00593EPSS
Exploits0References1
CVE
CVEadded 2022/05/06 4:37 p.m.84 views

CVE-2022-26070

CVE-2022-26070 affects Splunk Enterprise versions before 8.1.0. The issue is information disclosure: when handling a mismatched pre-authentication cookie, the response leaks the Splunk local system path in an internal error message. Red Hat and other sources corroborate the same description; Red ...

4.3CVSS4.5AI score0.00593EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder