EUVD-2026-21534
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks th...
SourceCodester Sales and Inventory System SQL Injection Vulnerability
The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from improper handling of the sid...
GHSA-X3PR-VRHQ-VQ43 AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration
Summary: AVideo's sessionstart function accepts arbitrary session IDs via the PHPSESSID GET parameter and sets them as the active PHP session. A session regeneration bypass exists for specific blacklisted endpoints when the request originates from the same domain. Combined with the explicitly...
CVE-2025-65236
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...
EUVD-2021-22788
Malware in sbrugna...
CVE-2021-36167
An improper authorization vulnerability (CWE-285) in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id parameter...
Gladinet CentreStack Security Vulnerability
Gladinet CentreStack is a premier mobile access and secure sharing solution from Gladinet USA. Provides self-hosted cloud storage. A security vulnerability exists in Gladinet CentreStack version v13.12.9934.54690. An attacker exploiting this vulnerability could inject malicious JavaScript into a...
School-Management-System SQL Injection Vulnerability
School-Management-System is a school management system by the individual developer Lahiru Danushka. A SQL injection vulnerability exists in School-Management-System version 1.0.0 and 1.0.1, which stems from a parameter sid in the file examresults-par.php that can lead to SQL injection...
Fortinet FortiClient for Windows License Error Vulnerability
Fortinet FortiClient is a fabric agent from Fortinet USA, Inc. It is used to provide protection, compliance and secure access in a single modular lightweight client. Fortinet FortiClient for Windows 7.0.0, versions 6.4.6 and earlier and 6.2.8 and earlier are vulnerable to an authorization error. A...
Authorization
An improper authorization vulnerability (CWE-285) in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id parameter...
SQL Injection Vulnerability in Manage.php of Jinwei Smart Restaurant System Version 0.7.2
Jinwei Smart Restaurant System is a free restaurant management software. It is suitable for all kinds of large and small restaurants, as well as fast food, Chinese food, western food, hot pot restaurant and other kinds of catering business. SQL injection vulnerability exists in manage.php in...
Synology Photo Station Session Fixation Vulnerability
Synology Photo Station is a Synology solution for sharing pictures, videos and blogs over the Internet. A session fixation vulnerability exists in SYNO.PhotoStation.Auth in Synology Photo Station versions prior to 6.8.7-3481, which can be exploited by remote attackers to hijack a web session with...
Apache2Triad Session Fixation Vulnerability
Apache2Triad is a server software deployment solution for Windows-based platforms. A session fixation vulnerability exists in Apache2Triad version 1.5.4. A remote attacker can exploit this vulnerability to hijack a web session with the help of the 'PHPSESSID' parameter...
CVE-2017-12965
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter...
CVE-2016-4309
Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter...