
6 matches found

CVE
added 2025/11/19 12:0 a.m. · 7 views

CVE-2025-63212

The vulnerability CVE-2025-63212 affects GatesAir Flexiva-LX devices running firmware 1.0.13 and 2.0 (LX100/LX300/LX600/LX1000). The issue is that sensitive session identifiers (sid) are written to a publicly accessible log at /log/Flexiva%20LX.log, enabling an unauthenticated attacker to hijack ...

CVSS 6.5 · AI score 6.5 · EPSS 0.00058
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment
added 2025/08/27 10:21 a.m. · 2 views

CVE-2025-30041 Missing authentication in APIs returning statistical data along with session IDs

The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs...

CVSS 9 · AI score 7.2 · EPSS 0.00036
Exploits: 0 · References: 1
CVE
added 2025/08/27 10:21 a.m. · 14 views

CVE-2025-30041

CVE-2025-30041 concerns exposure of session identifiers via three CGI script paths: /cgi-bin/CliniNET.prd/utils/userlogstat.pl, /cgi-bin/CliniNET.prd/utils/usrlogstat.pl, and /cgi-bin/CliniNET.prd/utils/dblogstat.pl. The description indicates that these endpoints expose data containing session ID...

CVSS 9 · AI score 6.2 · EPSS 0.00036
Exploits: 0 · References: 1
Positive Technologies
added 2025/08/27 12:0 a.m. · 3 views

PT-2025-34848 · Clininet · Clininet

Name of the Vulnerable Software and Affected Versions: CliniNET affected versions not specified
Description: The paths /cgi-bin/CliniNET.prd/utils/userlogstat.pl, /cgi-bin/CliniNET.prd/utils/usrlogstat.pl, and /cgi-bin/CliniNET.prd/utils/dblogstat.pl expose data containing session IDs...

CVSS 9.4 · AI score 5.9 · EPSS 0.0006
Exploits: 0 · References: 5
Positive Technologies
added 2025/08/27 12:0 a.m. · 3 views

PT-2025-34847 · Clininet · Clininet

Name of the Vulnerable Software and Affected Versions: CliniNET affected versions not specified
Description: The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the /cgi-bin/CliniNET.prd/utils/userlogxls.pl endpoint.
Recommendations: ...

CVSS 9.4 · AI score 5.9 · EPSS 0.00077
Exploits: 0 · References: 6
RedHat Linux
added 2018/10/01 7:42 p.m. · 2 views

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ

It was found that Hawtio console does not set HTTPOnly or Secure attributes on cookies. An attacker could use this flaw to retrieve an authenticated user's SessionID, and possibly conduct further attacks with the permissions of the authenticated user...

CVSS 7.5 · AI score 5.8 · EPSS 0.00396
Exploits: 0 · References: 4