Lucene search
K

15 matches found

GithubExploit
GithubExploit
added 2026/06/16 5:49 p.m.79 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 ⚠ This tool is created solely for education...

9.8CVSS6.2AI score0.981EPSS
Exploits64
Vulnrichment
Vulnrichment
added 2025/09/25 3:15 p.m.2 views

CVE-2025-59841 FlagForgeCTF's Improper Session Handling Allows Access After Logout

Flag Forge is a Capture The Flag CTF platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue to access protected endpoints, such as /api/profile, even after logging out. CSRF tokens are also still...

9.8CVSS6.4AI score0.00394EPSS
Exploits0References2
CVE
CVE
added 2025/09/25 3:15 p.m.16 views

CVE-2025-59841

Flag Forge CT F’s CVE-2025-59841 describes a flaw in session invalidation for versions 2.2.0 through 2.3.0, allowing authenticated users to access protected endpoints (e.g., /api/profile) after logout and leaving CSRF tokens valid post-logout. The issue is mitigated by upgrading to version 2.3.1,...

9.8CVSS6.4AI score0.00394EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/11 12:16 a.m.19 views

CVE-2025-57278

The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800B10ALKSLV01.01.02P42U1406 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or...

8.8CVSS6.9AI score0.00406EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/09/09 12:0 a.m.3 views

CVE-2025-57278

The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800B10ALKSLV01.01.02P42U1406 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or...

6.5AI score0.00406EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.6 views

PT-2025-36919

Name of the Vulnerable Software and Affected Versions: LB-Link BL-CPE300M AX300 4G LTE Router version BL-R8800 B10 ALK SL V01.01.02P42U14 06 Description: The LB-Link BL-CPE300M AX300 4G LTE Router does not implement proper session handling. After a user authenticates from a specific IP address, t...

6.5AI score0.00406EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.4 views

LB-Link BL-CPE300M AX300 4G LTE Router 安全漏洞

LB-Link BL-CPE300M AX300 4G LTE Router is a router from China Bilink LB-Link. A security vulnerability exists in the LB-Link BL-CPE300M AX300 4G LTE Router that stems from improper session handling, which could lead to authentication bypass...

8.8CVSS6.8AI score0.00406EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/09/09 12:0 a.m.9 views

CVE-2025-57278

The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800B10ALKSLV01.01.02P42U1406 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or...

0.00406EPSS
Exploits1References2
Snyk
Snyk
added 2022/10/18 12:0 a.m.5 views

Exposure of Data Element to Wrong Session

Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to the improper handling of user session states. An attacker can escalate privileges and perform...

6.3CVSS7.1AI score
Exploits0References2
CNVD
CNVD
added 2018/07/03 12:0 a.m.5 views

TP-Link TL-WR840N and TL-WR841N Authentication Bypass Vulnerability

TP-Link TL-WR840N and TL-WR841N are both wireless router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link TL-WR840N and TL-WR841N, which originates from the program failing to properly handle sessions. An attacker can exploit the vulnerability to perform arbitrary...

10CVSS9.3AI score0.36516EPSS
Exploits1References1
OSV
OSV
added 2014/12/12 3:59 p.m.2 views

DEBIAN-CVE-2014-8124

OpenStack Dashboard Horizon before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page...

5CVSS6.9AI score0.02864EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2009/01/20 12:0 a.m.28 views

RedHat Security Advisory RHSA-2009:0057

The remote host is missing updates announced in advisory RHSA-2009:0057. SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering with no JavaScript required for maximu...

6.5CVSS7.5AI score0.01675EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2009/01/20 12:0 a.m.21 views

RedHat Security Advisory RHSA-2009:0057

The remote host is missing updates announced in advisory RHSA-2009:0057. SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering with no JavaScript required for maximu...

6.5CVSS7.5AI score0.01675EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2009/01/20 12:0 a.m.36 views

RHEL 3 / 4 / 5 : squirrelmail (RHSA-2009:0057)

An updated squirrelmail package that fixes a security issue is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. SquirrelMail is an easy-to-configure, standards-based, webmail package writte...

6.5CVSS7.2AI score0.01855EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2005/02/28 12:0 a.m.189 views

phpBB <= 2.0.12 Multiple Vulnerabilities

The remote host is running a version of phpBB that suffers from a session handling flaw allowing a remote attacker to gain access to any account, including that of an administrator. Also, there is a path disclosure bug in 'viewtopic.php' that can be exploited by a remote attacker to reveal...

7.5CVSS5.5AI score0.0755EPSS
Exploits0References3
Rows per page
Query Builder