12 matches found

Source: OSV | added 2026/03/27 7:14 a.m. | 1 view

BIT-PARSE-2026-33527 Parse Server: Session update endpoint allows overwriting server-generated session fields

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.57 and 9.6.0, an authenticated user can overwrite server-generated session fields such as expiresAt and createdWith when updating their own session via the REST API. This...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00014
Exploits: 0 | References: 6
Source: Cvelist | added 2026/03/24 6:22 p.m. | 15 views

CVE-2026-33527 Parse Server: Session update endpoint allows overwriting server-generated session fields

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.57 and 9.6.0-alpha.48, an authenticated user can overwrite server-generated session fields such as expiresAt and createdWith when updating their own session via the REST...

CVSS: 5.3 | EPSS: 0.00014
Exploits: 0 | References: 5
Source: EUVD | added 2026/03/24 4:34 p.m. | 2 views

EUVD-2026-14974

Parse Server's Session Update endpoint allows overwriting server-generated session fields...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00014
Exploits: 0 | References: 5
Source: Vulnrichment | added 2026/03/18 9:33 p.m. | 2 views

CVE-2026-32742 Parse Server session creation endpoint allows overwriting server-generated session fields

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.17 and 8.6.42, an authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00021
Exploits: 0 | References: 3
Source: OSV | added 2026/03/17 6:37 p.m. | 1 view

GHSA-5V7G-9H8F-8PGG Parse Server session creation endpoint allows overwriting server-generated session fields

Impact: An authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST /classes/Session. This allows bypassing the server's session expiration policy by setting an arbitrary far-future expiration date. It also allows...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00021
Exploits: 0 | References: 5
Source: Cvelist | added 2022/05/04 3:25 p.m. | 11 views

CVE-2021-43206

A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests...

CVSS: 4.3 | AI score: 4.7 | EPSS: 0.00391
Exploits: 0 | References: 1
Source: securityvulns | added 2009/01/28 12:00 a.m. | 59 views

[HACKATTACK Advisory 25012009] ConPresso CMS 4.07 - Session Fixation, XFS, XSS

HACKATTACK Advisory 25012009 - ConPresso CMS 4.07 - Session Fixation, XFS, XSS. Details: Product: ConPresso CMS 4.07; Security-Risk: moderated; Remote-Exploit: yes; Vendor-URL: http://www.conpresso.de/; Vendor-Status: informed; Advisory-Status: not yet published. Credits: Discovered by: David Vieira-Kurz...

AI score: 0.5
Exploits: 0
Source: securityvulns | added 2008/12/04 12:00 a.m. | 49 views

[HACKATTACK Advisory 20081203] Pro Clan Manager 0.4.2 - Session Fixation

HACKATTACK Advisory 20081203 - Pro Clan Manager 0.4.2 - Session Fixation. Details: Product: Pro Clan Manager CMS; Security-Risk: moderated; Remote-Exploit: yes; Vendor-URL: http://www.proclanmanager.com/; Vendor-Status: informed; Advisory-Status: not yet published. Credits: Discovered by: David Vieira-Kurz...

AI score: 0.4
Exploits: 0
Source: securityvulns | added 2007/06/03 12:00 a.m. | 80 views

[MajorSecurity Advisory #49] Calimero.CMS - Session fixation Issue

MajorSecurity Advisory 49 - Calimero.CMS - Session fixation Issue. Details: Product: Calimero.CMS; Affected version: 3.3.1232 and prior; Remote-Exploit: yes; Vendor-URL: http://www.calimero-cms.de; Vendor-Status: informed; Advisory-Status: published. Credits: Discovered by: David...

AI score: 0.5
Exploits: 0
Source: securityvulns | added 2007/05/29 12:00 a.m. | 43 views

[MajorSecurity Advisory #48] eggblog - Session fixation Issue

MajorSecurity Advisory 48 - eggblog - Session fixation Issue. Details: Product: eggblog; Affected version: 3.1.0 and prior; Remote-Exploit: yes; Vendor-URL: http://www.eggblog.net; Vendor-Status: informed; Advisory-Status: published. Credits: Discovered by: David Vieira-Kurz...

AI score: 0.7
Exploits: 0
Source: securityvulns | added 2007/05/07 12:00 a.m. | 155 views

[MajorSecurity Advisory #47] Simple Machines Forum (SMF) - Session fixation Issue

MajorSecurity Advisory 47 - Simple Machines Forum (SMF) - Session fixation Issue. Details: Product: Simple Machines Forum (SMF); Affected version: 1.1.2 and prior; Remote-Exploit: yes; Vendor-URL: http://www.simplemachines.org; Vendor-Status: informed; Advisory-Status: published. Credits: ...

AI score: 0.3
Exploits: 0
Source: securityvulns | added 2007/04/08 12:00 a.m. | 48 views

[MajorSecurity Advisory #41] onelook courts online - Session fixation Issue

MajorSecurity Advisory 41 - onelook courts online - Session fixation Issue. Details: Product: courts online; Remote-Exploit: yes; Vendor-URL: http://www.onebyone.ch/; Vendor-Status: informed; Advisory-Status: published. Credits: Discovered by: David Vieira-Kurz http://www.majorsecurity....

AI score: 0.7
Exploits: 0