12 matches found

Positive Technologies
added 2026/03/30 12:0 a.m., 8 views

PT-2026-29161

Name of the Vulnerable Software and Affected Versions: MCP Java SDK versions prior to 1.0.1; MCP Java SDK versions prior to 1.1.1. Description: The MCP Java SDK contains a hardcoded wildcard Cross-Origin Resource Sharing (CORS) configuration, specifically setting Access-Control-Allow-Origin to '*'. This...

CVSS 6.1, AI score 7.5, EPSS 0.00222
Exploits: 0, References: 11

Vulnrichment
added 2026/03/20 5:52 a.m., 3 views

CVE-2026-33043 AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials...

CVSS 8.1, AI score 5.8, EPSS 0.00345
Exploits: 1, References: 2

Cvelist
added 2025/07/08 10:35 a.m., 22 views

CVE-2025-40742

A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions V11.0, SIPROTEC 5 6MD85 CP200 All versions, SIPROTEC 5 6MD85 CP300 All versions V11.0, SIPROTEC 5 6MD86 CP200 All versions, SIPROTEC 5 6MD86 CP300 All versions V11.0, SIPROTEC 5 6MD89 CP300 All versions V11.0, SIPROTEC 5...

CVSS 6, EPSS 0.00275
Exploits: 0, References: 1

Vulnrichment
added 2025/07/08 10:35 a.m., 3 views

CVE-2025-40742

A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions V11.0, SIPROTEC 5 6MD85 CP200 All versions, SIPROTEC 5 6MD85 CP300 All versions V11.0, SIPROTEC 5 6MD86 CP200 All versions, SIPROTEC 5 6MD86 CP300 All versions V11.0, SIPROTEC 5 6MD89 CP300 All versions V11.0, SIPROTEC 5...

CVSS 6, AI score 5.7, EPSS 0.00275
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 7:59 p.m., 7 views

CVE-2021-36793

The routes aka Extbase Yaml Routes extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output...

CVSS 7.5, AI score 6.6, EPSS 0.01013
Exploits: 0, References: 1

OSV
added 2022/05/24 5:7 p.m., 1 views

GHSA-4JJJ-CM7Q-V6HR Jenkins Diagnostic page exposed session cookies

Jenkins shows various technical details about the current user on the /whoAmI page. In a previous fix, the Cookie header value containing the HTTP session ID was redacted. However, user metadata shown on this page could also include the HTTP session ID in Jenkins 2.218 and earlier, LTS 2.204.1 an...

CVSS 5.4, AI score 5.9, EPSS 0.07044
Exploits: 0, References: 9

CNVD
added 2020/05/28 12:0 a.m., 3 views

Centreon Information Disclosure Vulnerability (CNVD-2020-31118)

Centreon Merethis Centreon is a set of open source system monitoring tools from the French company Centreon. The product mainly provides monitoring functions on the network, system and application resources. A security vulnerability exists in Centreon versions prior to 19.10.7, which is caused...

CVSS 4.3, AI score 6.9, EPSS 0.00597
Exploits: 0, References: 1

OSV
added 2020/03/10 9:15 p.m., 3 views

CVE-2020-6178

SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure...

CVSS 5.4, AI score 6.3, EPSS 0.00726
Exploits: 0, References: 2

CVE
added 2020/01/29 3:15 p.m., 157 views

CVE-2020-2103

Jenkins

CVSS 5.4, AI score 5.5, EPSS 0.07044
Exploits: 0, References: 6, Affected Software: 1

RedHat Linux
added 2013/10/16 4:45 p.m., 7 views

Web: jsessionid exposed via encoded url when using cookie based session tracking

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id 1 via a man-in-the-middle attack ...

CVSS 4.3, AI score 6.3, EPSS 0.01977
Exploits: 0, References: 4

RedHat Linux
added 2013/05/20 3:26 p.m., 1 views

Web: jsessionid exposed via encoded url when using cookie based session tracking

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id 1 via a man-in-the-middle attack ...

CVSS 4.3, AI score 6.3, EPSS 0.01977
Exploits: 0, References: 4

OSV
added 2010/12/06 9:5 p.m., 7 views

CVE-2010-4180

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network...

AI score 7.3
Exploits: 0, References: 67