34 matches found
CVE-2026-33492
WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo's sessionstart function accepts arbitrary session IDs via the PHPSESSID GET parameter and sets them as the active PHP session. A session regeneration bypass exists for specific blacklisted endpoints when th...
CVE-2026-33492
Mode C: AVideo is affected by CVE-2026-33492 in which session IDs can be supplied via the GET parameter PHPSESSID, allowing an attacker to hijack a victim’s session. The chain includes: (1) attacker-controlled session ID acceptance via _session_start(), bypassing cookies and strict mode; (2) a se...
WWBN AVideo Authorization Issue Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained vulnerabilities related to authorization issues. These vulnerabilities stemmed from fixed session IDs and bypasses of session regeneration, which could lead ...
CVE-2025-70973
ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result, a session created prior to login becomes authenticated once the victim logs i...
CVE-2025-69602
A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful authentication. As a result, the same session cookie value is reused for users logging in from the same browser, allowing an attacker who c...
EUVD-2025-206458
A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful authentication. As a result, the same session cookie value is reused for users logging in from the same browser, allowing an attacker who c...
CVE-2025-64100
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to...
CVE-2025-64100 CKAN Vulnerable to Session Cookie Fixation
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to...
CVE-2025-62781 PILOS is missing session regeneration after password change
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently active one. However, the current session’s...
EUVD-2022-6420
Malicious code in bioql PyPI...
PT-2023-22091 · Unknown · @Fastify/Passport +1
Name of the Vulnerable Software and Affected Versions: @fastify/passport versions prior to the version that regenerates sessionId upon login Description: Applications using @fastify/passport for user authentication, in combination with @fastify/session as the underlying session management...
Debian: Security Advisory (DSA-2016-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2022-25896
A misleading session regeneration flaw was found in passport. When a user logs in or logs out, the session is regenerated instead of being closed. This flaw allows an attacker to use a previous session in particular environments. Mitigation: Mitigation for this issue is either not available or the...
GHSA-V923-W3X8-WH69 Passport vulnerable to session regeneration when a user logs in or out
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed...
DEBIAN-CVE-2022-25896
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed...
CVE-2022-25896
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed...
UBUNTU-CVE-2022-25896
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed...
Code injection
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed...