
51 matches found

Cvelist
added 2026/05/19 5:22 p.m. | 36 views

CVE-2026-32134 NanoMQ: NULL Pointer Dereference Crash in tcptran_pipe_peer During Session Restore

NanoMQ MQTT Broker: NanoMQ is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for cleanstart=0...

CVSS 5.9 | EPSS 0.00055
Exploits: 0 | References: 4

CVE
added 2026/05/19 5:22 p.m. | 11 views

CVE-2026-32134

CVE-2026-32134 affects NanoMQ: subinfol is freed/NULL’d before restoration, and the transport iterates it without NULL checks. It is fixed in version 0.24.11; upgrade to that release or later to mitigate. No exploitation details are provided in the available documents.

CVSS 5.9 | AI score 5.7 | EPSS 0.00055
Exploits: 0 | References: 4

Vulnrichment
added 2026/05/19 5:22 p.m. | 12 views

CVE-2026-32134 NanoMQ: NULL Pointer Dereference Crash in tcptran_pipe_peer During Session Restore

NanoMQ MQTT Broker: NanoMQ is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for cleanstart=0...

CVSS 5.9 | AI score 5.7 | EPSS 0.00055
Exploits: 0 | References: 4

OSV
added 2026/04/09 11:17 p.m. | 1 views

DEBIAN-CVE-2026-5507

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

CVSS 4 | AI score 5.6 | EPSS 0.00016
Exploits: 0 | References: 1

UbuntuCve
added 2026/04/09 11:17 p.m. | 1 views

CVE-2026-5507

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

CVSS 4.1 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 2

OSV
added 2026/01/20 6:58 p.m. | 3 views

GHSA-QPPM-G56G-FPVP Turbo Frame responses can restore stale session cookies

Summary: A race condition in Turbo Frames allows delayed HTTP responses to restore stale session cookies after session-modifying operations. Details: Browsers automatically process Set-Cookie headers from HTTP responses. When a Turbo Frame request is in-flight during a session-modifying action such...

CVSS 6.3 | AI score 5.6 | EPSS 0.00063
Exploits: 1 | References: 7

OSV
added 2024/07/05 2:15 a.m. | 1 views

DEBIAN-CVE-2024-36041

KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the...

CVSS 7.8 | AI score 8 | EPSS 0.00096
Exploits: 0 | References: 1

Tenable Nessus
added 2024/06/12 12:0 a.m. | 15 views

FreeBSD : plasma[56]-plasma-workspace -- Unauthorized users can access session manager (479df73e-2838-11ef-9cab-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 479df73e-2838-11ef-9cab-4ccc6adda413 advisory. David Edmundson reports: KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based...

CVSS 7.8 | AI score 7.7 | EPSS 0.00096
Exploits: 0 | References: 3

Mageia
added 2024/06/07 5:31 p.m. | 23 views

Updated plasma-workspace packages fix security vulnerability

KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature to execute arbitrary code...

CVSS 7.8 | AI score 7.5 | EPSS 0.00096
Exploits: 0 | References: 2

FreeBSD
added 2024/05/31 12:0 a.m. | 18 views

plasma[56]-plasma-workspace -- Unauthorized users can access session manager

David Edmundson reports: KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature ...

CVSS 7.8 | AI score 7.4 | EPSS 0.00096
Exploits: 0 | References: 1

NVD
added 2023/07/12 2:15 p.m. | 11 views

CVE-2023-37456

The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS 115...

CVSS 6.5 | AI score 5.9 | EPSS 0.00441
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 6:6 a.m. | 1 views

SUSE CVE-2008-5019

The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors...

CVSS 4.3 | AI score 6.4 | EPSS 0.12823
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 6:6 a.m. | 2 views

SUSE CVE-2008-5513

Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown...

CVSS 4.3 | AI score 5.9 | EPSS 0.01096
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 5:7 a.m. | 3 views

SUSE CVE-2016-1967

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls aft...

CVSS 6.5 | AI score 6.7 | EPSS 0.00402
Exploits: 0 | References: 14

SUSE CVE
added 2023/02/15 3:24 a.m. | 1 views

SUSE CVE-2022-36317

When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 103...

CVSS 6.5 | AI score 8.3 | EPSS 0.00266
Exploits: 0 | References: 4

OSV
added 2022/12/22 8:15 p.m. | 1 views

DEBIAN-CVE-2022-42929

If a website called window.print in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...

CVSS 6.5 | AI score 6.8 | EPSS 0.0022
Exploits: 0 | References: 1

OSV
added 2022/12/22 8:15 p.m. | 0 views

CVE-2022-36317

When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 103...

CVSS 6.5 | AI score 7.4
Exploits: 0 | References: 2

AlpineLinux
added 2022/12/22 12:0 a.m. | 50 views

CVE-2022-36317

When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 103...

CVSS 6.5 | AI score 6.1 | EPSS 0.00266
Exploits: 0

Debian CVE
added 2022/12/22 12:0 a.m. | 43 views

CVE-2022-36317

When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 103...

CVSS 6.5 | AI score 8.1 | EPSS 0.00266
Exploits: 0

AlpineLinux
added 2022/12/22 12:0 a.m. | 23 views

CVE-2022-42929

If a website called window.print in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...

CVSS 6.5 | AI score 7 | EPSS 0.0022
Exploits: 0