48 matches found
CVE-2026-49871
CVE-2026-49871 describes a Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations in Apache APISIX versions 3.0.0–3.16.0. The issue allows a remote attacker who can lure a victim to a controlled webpage to cause the victim’s browser to become authentic...
WebMCP Tool Surface Poisoning: Runtime Manipulation Attacks on LLM Agents
WebMCP is a newly emerging protocol that enables websites to expose tools directly to AI agents, bypassing traditional user interfaces and introducing new security risks. The dynamic exposure of agent-accessible tools in WebMCP expands the attack surface of web sessions, especially when third-par...
CVE-2026-47068
The vulnerability is an Authorization Bypass in phoenix_storybook: Elixir.PhoenixStorybook.Story.ComponentIframeLive reads topic from params and broadcasts the iframe process PID on that PubSub topic without verifying session ownership, enabling cross-session topic injection. An attacker can load...
📄 cPanel Authentication Manipulation / Session Injection
This Python script attempts to an authentication bypass against a cPanel login endpoint by crafting a modified login request and manipulating session-related data. Versions after 11.40 are affected...
Siemens APE1808 Improper Restriction of Communication Channel to Intended Endpoints (CVE-2025-22251)
An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization...
NewStart CGSL MAIN 6.06 (SP) : kernel Multiple Vulnerabilities (NS-SA-2026-0008)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has kernel packages installed that are affected by multiple vulnerabilities: - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of...
CVE-2018-25160
HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...
EUVD-2018-21615
HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...
CVE-2018-25160 HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend
HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...
📄 Apache Tomcat 11.0.3 Remote Session Injection
A vulnerability in Apache Tomcat version 11.0.3 allows attackers to upload a .session file containing a malicious Java serialized payload and then trigger it through a forged JSESSIONID cookie...
EUVD-2021-18879
Malware in sbrugna...
EUVD-2006-3013
Malware in sbrugna...
EUVD-2025-17799
Malicious code in bioql PyPI...
CVE-2025-22251
An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization...
CVE-2025-22251
An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization...
CVE-2025-22251
An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization...
CVE-2025-22251
An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization...
CVE-2025-22251
FortiOS CVE-2025-22251: An improper restriction of the FGSP session synchronization channel allows an unauthenticated attacker to inject unauthorized sessions. Affected FortiOS versions are 7.6.0, 7.4.0–7.4.5, 7.2 all versions, 7.0 all versions, and 6.4 all versions. This CWE-923 issue can enable...
CVE-2025-22251
An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization...
Fortinet FortiOS 安全漏洞
Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A security...