CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3911 matches found

CVE-2026-9507

A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier OSTSESSID active after a successful login. The issue lies in the fact that the application does not invalidate the...

5.1CVSS

Exploits0References1

Cvelist•added yesterday•16 views

CVE-2026-9507 Session fixation vulnerability in Enhancesoft's osTicket

5.1CVSS

Exploits0References1

EUVD•added yesterday•6 views

EUVD-2026-37079

5.1CVSS5.2AI score

Exploits0References1

CVE•added yesterday•12 views

CVE-2026-9507

CVE-2026-9507 affects osTicket v1.18.2. A session fixation flaw arises because the application does not invalidate the pre-authentication cookie or generate a new identifier for the authenticated context (OSTSESSID). As a result, an attacker could set a known session ID in the victim’s browser an...

5.1CVSS5.2AI score

Exploits0References1

NVD•added 2026/06/09 9:16 a.m.•9 views

CVE-2009-10007

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

9.1CVSS0.00396EPSS

Exploits0References5

OSV•added 2026/06/09 9:16 a.m.•5 views

UBUNTU-CVE-2009-10007

9.1CVSS5.5AI score0.00396EPSS

Exploits0References7

Cvelist•added 2026/06/09 7:34 a.m.•35 views

CVE-2009-10007 Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks

0.00396EPSS

Exploits0References4

CVE•added 2026/06/09 7:34 a.m.•14 views

CVE-2009-10007

CVE-2009-10007 affects Catalyst::Plugin::Authentication for Perl prior to 0.10_027. The vulnerability arises because the plugin does not automatically change the session id after authentication, enabling session fixation where an attacker with a valid session cookie can impersonate the victim. Do...

9.1CVSS5.5AI score0.00396EPSS

Exploits0References5

EUVD•added 2026/06/09 7:34 a.m.•9 views

EUVD-2009-5128

9.1CVSS5.5AI score0.00396EPSS

Exploits0References4

Vulnrichment•added 2026/06/09 7:34 a.m.•6 views

CVE-2009-10007 Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks

5.5AI score0.00396EPSS

Exploits0References4

Debian CVE•added 2026/06/09 7:34 a.m.•7 views

CVE-2009-10007

9.1CVSS5.5AI score0.00396EPSS

Exploits0

OSV•added 2026/06/09 5:16 a.m.•4 views

UBUNTU-CVE-2026-41839

A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

4.2CVSS5.2AI score0.00133EPSS

Exploits0References3

Cvelist•added 2026/06/09 3:49 a.m.•28 views

CVE-2026-41839 Spring Framework Escalation via Session Fixation in WebFlux

4.2CVSS0.00133EPSS

Exploits0References1

Vulnrichment•added 2026/06/09 3:49 a.m.•4 views

CVE-2026-41839 Spring Framework Escalation via Session Fixation in WebFlux

4.2CVSS5.2AI score0.00133EPSS

Exploits0References1

CVE•added 2026/06/09 3:49 a.m.•17 views

CVE-2026-41839

The CVE-2026-41839 affects Spring Framework WebFlux. A WebFlux application with a compromised subdomain (e.g., via XSS) is vulnerable to an escalation attack that exchanges a known session ID for that of an authenticated user. Affected versions are: Spring Framework 7.0.0–7.0.7; 6.2.0–6.2.18; 6.1...

4.2CVSS5.2AI score0.00133EPSS

Exploits0References1

Positive Technologies•added 2026/06/09 12:0 a.m.•7 views

PT-2026-47726

Name of the Vulnerable Software and Affected Versions Catalyst::Plugin::Authentication versions prior to 0.10 027 Description The software is susceptible to session fixation attacks because it does not automatically change the session id after authentication. This allows an attacker who obtains a...

9.1CVSS5.4AI score0.00396EPSS

Exploits0References8

CNNVD•added 2026/06/09 12:0 a.m.•3 views

Catalyst-Plugin-Authentication 授权问题漏洞

Catalyst-Plugin-Authentication is an open-source authentication plugin framework developed by Catalyst. Versions of Catalyst-Plugin-Authentication prior to 0.10027 contained vulnerabilities related to authorization. These vulnerabilities stemmed from the lack of automatic session ID changes after...

9.1CVSS5.3AI score0.00396EPSS

Exploits0References1

Tenable Nessus•added 2026/06/09 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2009-10007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not...

9.1CVSS5.5AI score0.00396EPSS

Exploits0References3

RedhatCVE•added 2026/06/08 4:34 p.m.•6 views

CVE-2026-43972

A flaw was found in gun. A malicious or compromised HTTP/2 server can exploit an Origin Validation Error vulnerability by injecting unvalidated HTTP/2 PUSHPROMISE authority. This allows the server to plant cookies scoped to arbitrary third-party domains into the client's shared cookie store. This...

6.3CVSS5.6AI score0.00215EPSS

Exploits0References2

NVD•added 2026/06/08 3:16 p.m.•9 views

CVE-2026-43972

Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised stream...

6.3CVSS0.00215EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by