19 matches found
org.keycloak/keycloak-services: Session fixation in OIDC login flow that can lead to account takeover
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...
org.keycloak/keycloak-services: Session fixation in OIDC login flow that can lead to account takeover
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...
GHSA-HF67-5VVQ-FM3R Keycloak: Session fixation in OIDC login flow that can lead to account takeover
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...
CVE-2026-7507
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...
EUVD-2026-30889
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...
CVE-2026-7507
Keycloak (org.keycloak/keycloak-services) contains a session-fixation vulnerability in login-actions endpoints. An unauthenticated attacker can pre-create an authentication session and lure a victim to a crafted link. By abusing /login-actions/restart, which handles session state without adequate...
CVE-2026-7507 Org.keycloak/keycloak-services: session fixation in oidc login flow that can lead to account takeover
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...
CVE-2026-7507
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...
CVE-2026-7507
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...
PT-2026-41880
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...
PicoClaw has an Injection issue in its Web Launcher Management Plane component
A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...
EUVD-2026-25663
A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...
CVE-2026-6987 PicoClaw Web Launcher Management Plane restart command injection
A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...
CVE-2026-6987
CVE-2026-6987 affects PicoClaw up to version 0.2.4, with the vulnerability located in the web component file path /api/gateway/restart within the Web Launcher Management Plane . The issue is described as a manipulation that leads to command injection and appears exploitable remotely. Concrete aff...
CVE-2025-14878
A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be performed from remote. The exploit...
CVE-2025-32012
Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpoint is intended to be admins-only, but it also authorizes requests from any device in the same...
CVE-2025-32012 Jellyfin Vulnerable to Denial of Service (DoS) via IP Spoofing
Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpoint is intended to be admins-only, but it also authorizes requests from any device in the same...
PT-2024-11051 · Unknown · Trudesk Help Desk/Ticketing Solution
Name of the Vulnerable Software and Affected Versions: TruDesk Help Desk/Ticketing Solution version 1.1.11 Description: The issue allows an attacker to perform a Cross-Site Request Forgery CSRF attack, enabling them to restart the server and cause a Denial of Service DoS attack. To exploit this,...
PT-2019-2565 · Abb · Abb Idal
Name of the Vulnerable Software and Affected Versions: ABB IDAL affected versions not specified Description: The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, the...