5 matches found

Cvelist
added 4 days ago, 32 views

CVE-2026-35095 Session fixation in KTM System e-BOK

KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, its value remains unchanged after successful login. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session...

CVSS: 4.8, EPSS: 0.00145
Exploits: 0, References: 2
RedhatCVE
added 2026/06/05 7:31 p.m., 8 views

CVE-2026-33384

QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in a patch to version...

CVSS: 4.8, AI score: 5.3, EPSS: 0.00154
Exploits: 0, References: 1
CVE
added 2026/03/27 11:55 a.m., 12 views

CVE-2026-25101

Bludit exposes a session fixation vulnerability: an attacker can set a user’s session ID before authentication, and the ID persists after login, enabling session hijacking. The issue affects Bludit and is fixed in version 3.17.2. Metrics indicate a high-impact CVSS base score (C/H I/H A/H) with n...

CVSS: 9.8, AI score: 5.8, EPSS: 0.01919
Exploits: 4, References: 2, Affected Software: 1
Vulnrichment
added 2026/02/27 11:35 a.m., 2 views

CVE-2026-24352 Session Fixation in PluXml CMS

PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

CVSS: 4.8, AI score: 5.9, EPSS: 0.00352
Exploits: 0, References: 2
EUVD
added 2026/02/05 11:7 a.m., 5 views

EUVD-2026-5552

Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

CVSS: 4.8, AI score: 5.4, EPSS: 0.00268
Exploits: 0, References: 2