134 matches found
GHSA-MH4X-RMRX-3HP4 Mattermost has session spoofing due to lack of single-use consumption of guest magic link tokens enforcement
Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...
Security Updates for Azure DevOps 2022 XSS (February 2026)
The Microsoft Team Foundation Server is missing a security update. It is, therefore, affected by the following vulnerability: - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. CVE-2026-21512 Note that Nessus has not...
Security Updates for Microsoft SharePoint Server 2016 (February 2026)
The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. CVE-2026-21511,...
Security Updates for Microsoft SharePoint Server 2019 (February 2026)
The Microsoft SharePoint Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
Security Updates for Microsoft SharePoint Server 2016 (January 2026)
The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
Security Updates for Microsoft SharePoint Server Subscription Edition (January 2026)
The Microsoft SharePoint Server Subscription Edition installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitra...
Security Updates for Microsoft SharePoint Server 2019 (January 2026)
The Microsoft SharePoint Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
Security Updates for Microsoft JDBC driver for MSSQL (October 2025)
The Microsoft JDBC driver for MSSQL installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user...
EUVD-2001-1085
Malware in sbrugna...
EUVD-2021-0930
Malware in sbrugna...
EUVD-2014-9021
Malware in sbrugna...
SourceCodester Web-based Pharmacy Product Management System Security Vulnerability
SourceCodester Web-based Pharmacy Product Management System is a SourceCodester open source web-based pharmacy product management system. A security vulnerability exists in the SourceCodester Web-based Pharmacy Product Management System version 1.0, which stems from improper access control and...
Linux Distros Unpatched Vulnerability : CVE-2019-18625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After th...
CVE-2025-50171 Remote Desktop Spoofing Vulnerability
...
CVE-2024-22281
UNSUPPORTED WHEN ASSIGNED The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that...
Improper Authorization
github.com/pomerium/pomerium is vulnerable to Improper Authorization. The vulnerability is due to incomplete validation of JSON Web Tokens (JWT), allowing certain service account access tokens to be incorrectly treated as valid for databroker API authorization, potentially leading to data...
Apache Helix Trust Management Issues Vulnerability
Apache Helix is a general-purpose cluster management framework from the U.S. Apache Foundation, used to automate the management of partitioning, replication and distributed resources hosted on a cluster of nodes. Apache Helix suffers from a trust management issue vulnerability that stems...
Session Spoofing
org.apache.helix, helix is vulnerable to Session Spoofing. The vulnerability is due to a hard-coded secret in the Apache Helix Front UI, which allows an attacker to generate their own fake cookies...
Security Updates for Microsoft Office Products C2R (Aug 2024)
The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2024-38169, CVE-2024-38170,...