472 matches found
CVE-2026-59224
Open WebUI vulnerability CVE-2026-59224 affects versions prior to 0.10.0. The issue: in backend/open_webui/routers/terminals.py, the ws_terminal upstream URL is built from an unencoded session_id and appends user_id as a query parameter, enabling query injection to make the terminal backend resol...
CVE-2026-59724 Socket.IO: Engine.IO WebTransport SID DoS
Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...
CVE-2026-24013
Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...
CVE-2026-56016 CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources
CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...
CVE-2026-56016
CVE-2026-56016 (CGI::Session::ID::md5) affects Perl CGI::Session versions before 4.49. The vulnerable code path uses generate_id to build a session id from a MD5 digest of the process ID, epoch time, and rand(), all low-entropy/predictable sources. This enables an attacker to predict session IDs ...
CVE-2026-50744
A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked...
EUVD-2026-39600
A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked...
PT-2026-52591
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where SNI Server Name Indication and ALPN Application-Layer Protocol Negotiation bindings are missing during stateful session-ID resumption. This...
EUVD-2026-38285
Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the...
CVE-2026-56104
CVE-2026-56104 affects Chainlit prior to 2.10.1. A session-hijacking flaw lets unauthenticated attackers restore and inherit an authenticated user session by presenting a valid sessionId during WebSocket session restoration, without ownership verification. The attacker can exploit the restore_exi...
CVE-2026-56425
The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...
Entire CLI: Path traversal in checkpoint session metadata allows arbitrary file write during resume/rewind
Impact A path traversal vulnerability in Entire CLI allows an attacker with push access to the checkpoints repository to craft malicious checkpoint metadata that causes entire session resume or entire checkpoint rewind to write attacker-controlled transcript data outside of the expected session...
EUVD-2026-37079
A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier OSTSESSID active after a successful login. The issue lies in the fact that the application does not invalidate the...
CVE-2026-49843
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...
EUVD-2026-35492
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...
Spring Framework 授权问题漏洞
The Spring Framework is an application development framework developed by Spring in open source. Versions 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48 of the Spring Framework contain authorization vulnerabilities. These vulnerabilities stem from the WebFlux application,...
CVE-2026-45746
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId parameter. The backend...
CVE-2026-46538
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...
CVE-2026-42608
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the sessionid passed as form-flash-id in POST requests, an unauthenticated attacker can traverse the filesystem to create arbitrary directories an...
CVE-2026-35196
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the exportallcertificates action, where the course code retrieved from the session variable $SESSION'cid'...