31 matches found
CVE-2026-5707
Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...
EUVD-2026-19548
Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...
CVE-2026-5707
Technical details (vulnerable component, root cause, affected versions, exploitation) are not publicly provided in the supplied documents. Monitor for updates.
CVE-2026-5707 Command Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES)
Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...
PT-2026-30745
Name of the Vulnerable Software and Affected Versions: AWS Research and Engineering Studio (RES) versions 2025.03 through 2025.12.01. Description: An issue exists in the virtual desktop session name handling that could allow a remote authenticated actor to execute arbitrary commands as root on the...
Exploit for CVE-2025-52204
CVE-2025-52204 – Reflected XSS / HTML Injection in Znuny cust...
EUVD-2016-3095
Malware in sbrugna...
EUVD-2021-0984
Malware in sbrugna...
CVE-2023-41521
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters...
CVE-2023-41519
Student Attendance Management System v1 was discovered to contain a cross-site scripting (XSS) vulnerability via the sessionName parameter at createSessionTerm.php...
Student Attendance Management System Security Vulnerability
Student Attendance Management System is a student attendance management system developed by the individual developer rickxy. A security vulnerability exists in Student Attendance Management System v1. The vulnerability stems from SQL injection due to incorrect manipulation of the parameters id, termI...
CVE-2016-20007
The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...
K35232053: PHP vulnerability CVE-2016-7125
Security Advisory Description: ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by obje...
SUSE CVE-2006-3016
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting...
CVE-2022-2787
Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session...
CVE-2021-26544
Livy server version 0.7.0-incubating only is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating...
Cross site scripting
Livy server version 0.7.0-incubating only is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating...
CVE-2021-26544 Apache Livy (Incubating) is vulnerable to cross site scripting
Livy server version 0.7.0-incubating only is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating...
CVE-2021-26544
Affected software: Apache Livy server 0.7.0-incubating. Issue: cross-site scripting (XSS) in the session name. Impact: a malicious user could access logs and results of other users’ sessions and run jobs with those users’ privileges. Root cause: XSS in session-name handling. Remediation: the fixe...