CVE-2026-47068

The vulnerability is an Authorization Bypass in phoenix_storybook: Elixir.PhoenixStorybook.Story.ComponentIframeLive reads topic from params and broadcasts the iframe process PID on that PubSub topic without verifying session ownership, enabling cross-session topic injection. An attacker can load...

📄 cPanel Authentication Manipulation / Session Injection

This Python script attempts to an authentication bypass against a cPanel login endpoint by crafting a modified login request and manipulating session-related data. Versions after 11.40 are affected...

Siemens APE1808 Improper Restriction of Communication Channel to Intended Endpoints (CVE-2025-22251)

An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization...

NewStart CGSL MAIN 6.06 (SP) : kernel Multiple Vulnerabilities (NS-SA-2026-0008)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has kernel packages installed that are affected by multiple vulnerabilities: - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of...

CVE-2018-25160

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...

EUVD-2018-21615

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...

CVE-2018-25160 HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...

📄 Apache Tomcat 11.0.3 Remote Session Injection

A vulnerability in Apache Tomcat version 11.0.3 allows attackers to upload a .session file containing a malicious Java serialized payload and then trigger it through a forged JSESSIONID cookie...

EUVD-2021-18879

Malware in sbrugna...

EUVD-2006-3013

Malware in sbrugna...

EUVD-2025-17799

Malicious code in bioql PyPI...

CVE-2025-22251

An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization...

CVE-2025-22251

An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization...

CVE-2025-22251

An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization...

CVE-2025-22251

An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization...

CVE-2025-22251

FortiOS CVE-2025-22251: An improper restriction of the FGSP session synchronization channel allows an unauthenticated attacker to inject unauthorized sessions. Affected FortiOS versions are 7.6.0, 7.4.0–7.4.5, 7.2 all versions, 7.0 all versions, and 6.4 all versions. This CWE-923 issue can enable...

CVE-2025-22251

An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization...

PT-2025-24713 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4 through 7.6.0 FortiOS version 7.4.0 through 7.4.5 Description: The issue is related to an improper restriction of communication channel to intended endpoints, which may allow an unauthenticated attacker to inject...

Fortinet Fortigate Firewall session injection in FGSP (FG-IR-24-287)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-287 advisory. - An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 throug...

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A security...