28 matches found
EUVD-2026-22211
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge praisonai browser start is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket...
PT-2026-32594
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.139 praisonaiagents versions prior to 1.5.140 Description The browser bridge is susceptible to unauthenticated remote session hijacking. This occurs due to a lack of authentication and a bypassable origin check ...
CVE-2026-25072
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...
EUVD-2019-15098
Malware in sbrugna...
ROS-20250912-15
Apache Tomcat application server vulnerability is related to access differentiation flaws. Exploitation vulnerability could allow an attacker acting remotely to hijack a session and gain access to a user's user account...
ROS-20250912-16
Apache Tomcat application server vulnerability is related to access differentiation flaws. Exploitation vulnerability could allow an attacker acting remotely to hijack a session and gain access to a user's user account...
Linux Distros Unpatched Vulnerability : CVE-2017-17476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open Ticket Request System OTRS 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers ...
Linux Distros Unpatched Vulnerability : CVE-2014-9015
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server th...
CVE-2022-26647
A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...
Exploit for CVE-2024-5420
CVE-2024-5420XSS Description A vulnerability was found in ut...
PT-2024-8964 · Brocade · Brocade Fabric Os
Name of the Vulnerable Software and Affected Versions: Brocade Fabric OS versions prior to 9.2.2 Description: The issue is related to weaknesses in the authentication procedure of Brocade Fabric OS, allowing a remote attacker to hijack a service session. This could be achieved through...
SUSE CVE-2009-2964
Multiple cross-site request forgery CSRF vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to 1 functions/mailboxdisplay.php, 2...
SUSE CVE-2014-2066
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies...
SUSE CVE-2015-5338
Multiple cross-site request forgery CSRF vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to 1 mod/lesson/mediafile.php or 2...
Dell EMC SourceOne 跨站脚本漏洞
Dell EMC SourceOne is a powerful archiving solution for handling email, documents and data from disparate collaboration and messaging systems. A stored cross-site scripting vulnerability exists in Dell EMC SourceOne 7.2SP10 and earlier versions. A remote, low-privilege attacker could exploit this...
Session fixation
VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently...
CVE-2019-5523
VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently...
CVE-2019-5523
VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently...
CVE-2019-5523
VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently...
CVE-2019-5523
Vulnerability CVE-2019-5523 affects VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3. The issue is a Remote Session Hijack in the Tenant and Provider Portals, allowing an attacker to access those portals by impersonating a currently logged-in session. Public references (VMware ...