Lucene search
+L

481 matches found

NVD
NVD
added 2026/05/27 11:16 p.m.25 views

CVE-2026-46538

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

5.9CVSS0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 9:56 p.m.12 views

EUVD-2026-32677

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

5.9CVSS5.8AI score0.00225EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:56 p.m.12 views

CVE-2026-46538

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

5.9CVSS5.8AI score0.00225EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 9:56 p.m.32 views

CVE-2026-46538

CVE-2026-46538 affects Microsoft UFO open-source framework; in version 3.0.1-4-ge2626659, the constellation client tracks pending task responses by session_id and does not bind completion to the originating device. An authenticated peer can forge a TASK_END with the same session_id to inject atta...

5.9CVSS5.8AI score0.00225EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

UFO³ 数据伪造问题漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a data manipulation vulnerability. This vulnerability arises from the fact that task responses are tracked using only the sessionid without verifyi...

5.9CVSS5.7AI score0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 7:34 a.m.7 views

CVE-2026-44064 ASP session ID out-of-bounds access

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request...

7.1CVSS5.8AI score0.00171EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 7:34 a.m.45 views

CVE-2026-44064 ASP session ID out-of-bounds access

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request...

7.1CVSS0.00171EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 1:16 p.m.16 views

libssh: NULL Pointer Dereference in libssh KEX Session ID Calculation

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange KEX process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash...

4.7CVSS6.5AI score0.00217EPSS
Exploits0References7
NVD
NVD
added 2026/05/18 6:17 p.m.19 views

CVE-2026-32848

NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodevop within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems. Attackers can exploit...

5.7CVSS0.00082EPSS
Exploits0References3
CVE
CVE
added 2026/05/18 5:52 p.m.17 views

CVE-2026-32848

CVE-2026-32848 concerns NetBSD: a race condition in the cryptodev_op() function of the opencrypto subsystem that can, under SMP, be triggered by concurrently issuing CIOCCRYPT operations on the same session identifier. The vulnerability allows a local attacker to exploit mutable per-operation sta...

5.7CVSS5.8AI score0.00082EPSS
Exploits0References3
OSV
OSV
added 2026/05/18 5:52 p.m.3 views

CVE-2026-32848 NetBSD cryptodev Race Condition Double-Free via cryptodev_op()

NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodevop within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems. Attackers can exploit...

5.7CVSS5.9AI score0.00082EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/12 6:30 p.m.13 views

EUVD-2026-29496

Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800...

7.6CVSS5.8AI score0.00267EPSS
Exploits0References2
NVD
NVD
added 2026/05/10 1:16 a.m.25 views

CVE-2026-8214

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been ma...

6.9CVSS0.00403EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/10 12:15 a.m.10 views

CVE-2026-8214 Industrial Application Software IAS Canias ERP RMI doAction improper authentication

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been ma...

6.9CVSS5.7AI score0.00403EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/10 12:15 a.m.60 views

CVE-2026-8214 Industrial Application Software IAS Canias ERP RMI doAction improper authentication

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been ma...

6.9CVSS0.00403EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.18 views

PT-2026-39427

Name of the Vulnerable Software and Affected Versions Industrial Application Software IAS Canias ERP version 8.03 Description Improper authentication exists in the RMI Interface component. A remote attacker can manipulate the sessionId argument within the doAction function to bypass authenticatio...

6.9CVSS5.7AI score0.00403EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

Canias ERP 授权问题漏洞

Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains an authorization vulnerability. This vulnerability stems from the operation of the doAction function in...

6.9CVSS6AI score0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 3:49 a.m.20 views

CVE-2026-42276

Onyx has an IDOR vulnerability in POST /chat/stop-chat-session/{chat_session_id}. Authenticated users can stop other users’ active chat sessions because the endpoint authenticates the caller but does not verify that the session belongs to them. An attacker knowing a chat_session_id can interrupt ...

4.3CVSS5.8AI score0.00279EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2026/05/06 11:22 p.m.10 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetSession function. An attacker can access sensitive SSH session data belonging to other tenants by providing a valid session UID and authenticating with any user account...

7.1CVSS5.8AI score0.00246EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/06 11:24 a.m.7 views

Session Fixation

Overview Affected versions of this package are vulnerable to Session Fixation due to the missing changeSessionId invocation after session binding. An attacker can hijack user sessions by exploiting the lack of session ID regeneration after authentication. Remediation Upgrade...

9.3CVSS5.8AI score0.00379EPSS
Exploits0References2
Rows per page
Query Builder