
6 matches found

Cvelist
added 2026/06/09 4:4 p.m., 36 views

CVE-2026-49843 FreeSWITCH: Pre-authentication session eviction via attacker-chosen `sessid` in `mod_verto`

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...

CVSS 5.3 | EPSS 0.00284
Exploits 0 | References 2
Positive Technologies
added 2026/06/09 12:0 a.m., 10 views

PT-2026-47850

Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to 1.11.1. Description: In the mod_verto module, the JSON-RPC handler binds the connection to the client-supplied sessid during the first frame before the authentication gate. This binding process inserts the connection...

CVSS 5.3 | AI score 5.5 | EPSS 0.00284
Exploits 0 | References 4
Hacker One
added 2026/04/08 1:18 p.m., 43 views

curl: libcurl: Integer truncation in curl_easy_ssls_import() causes TLS sessions to never expire

Summary: curl_easy_ssls_import deserializes a TLS session blob and stores it in the in-memory session cache. In Curl_ssl_session_unpack lib/vtls/vtls_spack.c:311, the valid_until field is read as uint64_t and cast directly to curl_off_t int64_t with no bounds check — so a crafted blob encoding valid_until =...

AI score 5.9
Exploits 0
CNNVD
added 2020/11/18 12:0 a.m., 5 views

Cisco Webex Meetings Input Validation Error Vulnerability

Cisco Webex Meetings is a videoconferencing solution from Cisco. A security vulnerability exists in Cisco Webex Meetings and Cisco Webex Meetings Server, which results from synchronization issues between meetings and media services on vulnerable Webex websites. An attacker could exploit the...

CVSS 6.5 | AI score 6.6 | EPSS 0.01734
Exploits 0 | References 3
RedHat Linux
added 2015/10/15 12:29 p.m., 4 views

python-django: Denial-of-service possibility in logout() view by filling session store

It was found that certain Django functions would, in certain circumstances, create empty sessions. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions...

CVSS 5 | AI score 7.1 | EPSS 0.04928
Exploits 0 | References 4
RedHat Linux
added 2015/09/10 11:44 a.m., 1 views

python-django: Denial-of-service possibility in logout() view by filling session store

It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the...

CVSS 5 | AI score 7.1 | EPSS 0.05163
Exploits 0 | References 4