158 matches found

NVD, added 10 hours ago, 8 views

CVE-2026-55655

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

CVSS 5, Exploits 0, References 2

Positive Technologies, added 2026/06/05 12:0 a.m., 12 views

PT-2026-47037

Name of the Vulnerable Software and Affected Versions OpenXDMoD versions prior to 11.0.3 Description A flaw in the access control logic allows an attacker to submit a crafted HTTPS POST request to set a session variable used for authorization decisions. In installations including the optional Job...

CVSS 5.3, AI score 5.5, EPSS 0.00236, Exploits 0, References 5

Fedora, added 2026/05/23 12:58 a.m., 10 views

[SECURITY] Fedora 44 Update: perl-Apache-Session-Browseable-1.3.19-1.fc44

A virtual Apache::Session back-end providing some class methods to manipulate all sessions and add the capability to index some fields to make research faster...

CVSS 6.5, AI score 5.8, EPSS 0.00253, Exploits 0

Metasploit, added 2026/05/18 7:2 p.m., 262 views

cPanel/WHM CRLF Injection Authentication Bypass RCE

Exploits CVE-2026-41940, a CRLF injection in cPanel/WHM's cpsrvd daemon that allows unauthenticated remote code execution as root. The Basic-auth handler writes the password to the raw session file without stripping newlines. Omitting the ob-part of the session cookie bypasses the encoder, so...

CVSS 9.8, AI score 6.8, EPSS 0.90543, Exploits 63

GithubExploit, added 2026/05/02 10:0 a.m., 67 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 - cPanel & WHM Authentication Bypass Proof of C...

CVSS 9.8, AI score 5.9, EPSS 0.90543, Exploits 63

GithubExploit, added 2026/04/30 5:8 p.m., 162 views

Exploit for CVE-2026-41940

CVE-2026-41940 — cPanel/WHM Authentication Bypass...

CVSS 9.8, AI score 5.4, EPSS 0.90543, Exploits 63

OSV, added 2026/04/28 1:51 p.m., 2 views

USN-8190-2 ruby-rack-session vulnerability

USN-8190-1 fixed a vulnerability in Rack::Session. This update provides the corresponding update for Ubuntu 26.04 LTS. Original advisory details: SeungMyung Lee discovered that Rack::Session did not properly reject cookies upon decryption failure. A remote attacker could use this issue to...

CVSS 9.8, AI score 5.5, EPSS 0.0027, Exploits 1, References 2

Ubuntu, added 2026/04/20 3:18 p.m., 7 views

USN-8190-1: Rack::Session vulnerability

SeungMyung Lee discovered that Rack::Session did not properly reject cookies upon decryption failure. A remote attacker could use this issue to manipulate session contents and possibly gain unauthorized access...

CVSS 9.8, AI score 5.8, EPSS 0.0027, Exploits 1

CNNVD, added 2026/04/07 12:0 a.m., 3 views

Rack::Session security vulnerability

Rack::Session is an open-source application developed by Official Rack repositories. Versions of Rack::Session prior to 2.1.2 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of Cookie decryption failures, which could lead to session manipulation and...

CVSS 9.8, AI score 5.7, EPSS 0.0027, Exploits 1, References 1

Packet Storm News, added 2026/04/05 12:0 a.m., 5 views

Invisible Adversaries: A Systematic Study of Session Manipulation Attacks on VPNs

Virtual Private Networks (VPNs) are widely used for censorship evasion and traffic protection. VPN users expect to be provided with adequate security protection and, at the same time, not to be affected by other users connected to the same VPN server, which can be illustrated as the non-interference...

AI score 5.9, Exploits 0

OSV, added 2026/04/03 6:31 a.m., 2 views

GHSA-QPC3-8VQG-8G6W pymetasploit3 vulnerable to command injection in console.run_module_with_output()

Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...

CVSS 9.3, AI score 6.2, EPSS 0.01923, Exploits 0, References 3

Veracode, added 2026/03/18 4:5 p.m., 3 views

Access Control Bypass

phpPgAdmin is vulnerable to Improper Access Control. The vulnerability is due to lack of validation and access control on user-controlled parameters subject, server, database, queryid in sql.php, which allows an attacker to manipulate session variables and inject arbitrary SQL queries, potentiall...

CVSS 6.1, AI score 6, EPSS 0.00191, Exploits 0, References 3, Affected Software 1

Tenable Nessus, added 2026/02/12 12:0 a.m., 7 views

GitLab 13.1 < 18.4.6 / 18.5 < 18.5.4 / 18.6 < 18.6.2 (CVE-2025-11984)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAut...

CVSS 6.8, AI score 5.7, EPSS 0.00274, Exploits 0, References 5

RedhatCVE, added 2026/01/30 9:23 p.m., 4 views

CVE-2026-1597

A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument cisession leads to improper authorization. The attack may be performed from remote. The exploit has been disclos...

CVSS 8.8, AI score 5.4, EPSS 0.00272, Exploits 1, References 1

OSV, added 2026/01/29 5:16 p.m., 3 views

CVE-2026-1597

A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument cisession leads to improper authorization. The attack may be performed from remote. The exploit has been disclos...

CVSS 8.8, AI score 5.2, Exploits 0, References 5

Vulnrichment, added 2026/01/29 4:32 p.m., 5 views

CVE-2026-1597 Bdtask SalesERP Administrative Endpoint improper authorization

A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument cisession leads to improper authorization. The attack may be performed from remote. The exploit has been disclos...

CVSS 6.5, AI score 6.1, EPSS 0.00272, Exploits 1, References 5

CVE, added 2026/01/29 4:32 p.m., 11 views

CVE-2026-1597

CVE-2026-1597 affects Bdtask SalesERP (

CVSS 8.8, AI score 6.1, EPSS 0.00272, Exploits 1, References 5, Affected Software 1

Cvelist, added 2026/01/22 10:32 p.m., 18 views

CVE-2025-55705 EVMAPA Insufficient Session Expiration

This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration...

CVSS 7.3, EPSS 0.003, Exploits 0, References 2

CVE, added 2025/12/29 5:5 a.m., 12 views

CVE-2025-15068

The CVE-2025-15068 issue concerns Gmission Web Fax. A missing authorization vulnerability enables Authentication Abuse and Session Credential Falsification through Manipulation, affecting Web Fax versions 3.0–3.9 (pre-4.0). Root cause is inadequate authorization checks that allow privilege abuse;...

CVSS 9.8, AI score 6.5, EPSS 0.00352, Exploits 0, References 1, Affected Software 1

RedhatCVE, added 2025/12/20 1:10 a.m., 6 views

CVE-2025-14909

A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java. Executing manipulation can lead to mana...

CVSS 8.1, AI score 6.6, EPSS 0.00426, Exploits 1, References 1