7 matches found

CVE
added 2026/05/11 9:54 p.m. | 22 views

CVE-2026-43911

Vaultwarden (Rust) prior to 1.35.5 does not invalidate refresh tokens when a user’s security_stamp is rotated during security-sensitive operations (password/KDF/key rotation, email change, org admin password reset, emergency access takeover). An attacker holding a previously issued refresh token ...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00216
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/11/29 12:0 a.m. | 6 views

PT-2025-48367

Name of the Vulnerable Software and Affected Versions: OrangeHRM versions 5.0 through 5.7. Description: OrangeHRM does not invalidate existing sessions when a user is disabled or a password change occurs, allowing active session cookies to remain valid indefinitely. This allows a disabled user, or a...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00237
Exploits: 0 | References: 7

Ivanti
added 2025/03/10 6:55 p.m. | 720 views

Security Advisory March 2025 Ivanti Neurons for MDM (N-MDM)

Summary Ivanti has released updates for Ivanti Neurons for MDM N-MDM which addresses a medium severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: Description| CVSS Score Severity| CVSS Vector| CWE...

AI score: 6.9
Exploits: 0

OSV
added 2023/12/12 12:59 a.m. | 9 views

GHSA-88J4-PCX8-Q4Q3 Password Change Vulnerability

Overview: A moderate security vulnerability has been identified in Uptime Kuma platform that poses a significant threat to the confidentiality and integrity of user accounts. When a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged...

CVSS: 6.7 | AI score: 6.8 | EPSS: 0.00263
Exploits: 0 | References: 5

Prion
added 2023/10/17 12:15 a.m. | 17 views

Design/Logic Flaw

Engelsystem is a shift planning system for chaos events. If a user's password is compromised and an attacker gained access to a user's account, i.e., logged in and obtained a session, an attacker's session is not terminated if the user's account password is reset. This vulnerability has been fixe...

CVSS: 1.5 | AI score: 4.3 | EPSS: 0.0024
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/04/16 12:0 a.m. | 8 views

CVE-2022-37186

In LemonLDAP::NG before 2.0.15, some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically...

AI score: 5.7 | EPSS: 0.00725
Exploits: 1 | References: 4

Hacker One
added 2016/03/24 8:4 a.m. | 9 views

Uber: Session retention is present which reveals the customer info

Issue: Session retention is present at partner.uber.com which reveals all sensitive data. Steps to reproduce: 1. Login to partner.uber.com under any driver profile 2. navigate to summary page or any page e.g. payment page 3. logout the application 4. press back button of the application application reveal...

AI score: 1.6
Exploits: 0