Lucene search
K

318 matches found

Veracode
Veracode
added 2025/07/17 5:6 a.m.7 views

Improper Authorization

authentik is vulnerable to Improper Authorization. The vulnerability is due to missing session validation for single-use tokens in RAC endpoints, which allows an attacker to reuse a valid token from a shared URL to access another user’s session...

9.6CVSS6.1AI score0.00405EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/16 4:4 p.m.4 views

CVE-2025-53938 WeGIA vulnerable to Authentication Bypass due to Missing Session Validation in multiple endpoints

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the /dao/verificarrecursoscargo.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows unauthenticated...

6.9CVSS6.4AI score0.00626EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/07/16 4:4 p.m.10 views

CVE-2025-53938 WeGIA vulnerable to Authentication Bypass due to Missing Session Validation in multiple endpoints

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the /dao/verificarrecursoscargo.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows unauthenticated...

6.9CVSS0.00626EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2025/07/14 9:18 a.m.178 views

Exploit for CVE-2025-52689

CVE-2025-52689 PoC Code PoC code for CVE-2025-52689 Alcatel-L...

9.8CVSS6.8AI score0.11008EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 9:57 a.m.7 views

CVE-2024-24539

FusionPBX before 5.2.0 does not validate a session...

5.3CVSS5.3AI score0.00526EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:21 a.m.10 views

CVE-2023-24495

A Server Side Request Forgery SSRF vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly...

6.5CVSS6.8AI score0.00892EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:27 a.m.13 views

CVE-2023-27524

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRETKEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...

9.8CVSS8.3AI score0.97405EPSS
Exploits20References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:34 p.m.7 views

CVE-2020-9034

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users...

7.5CVSS7.2AI score0.00911EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:46 p.m.7 views

CVE-2020-23036

MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the password authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to re...

5.9CVSS7.5AI score0.01089EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 7:52 a.m.9 views

CVE-2019-11123

Insufficient session validation in system firmware for IntelR NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access...

6.7CVSS6.9AI score0.00392EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.4 views

PT-2025-20865 · Siemens · Simatic Pcs Neo

Name of the Vulnerable Software and Affected Versions: SIMATIC PCS neo versions prior to V4.1 Update 3 SIMATIC PCS neo versions prior to V5.0 Update 1 Description: A vulnerability has been identified in SIMATIC PCS neo where affected products do not correctly invalidate user sessions upon user...

10CVSS6.5AI score0.00374EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/05/02 12:0 a.m.14 views

IBM InfoSphere Information Server Multiple Vulnerabilities (April 2025)

The version of IBM InfoSphere Information Server installed on the remote host is 11.7.x prior or equal to 11.7.1.6. It is, therefore, potentially affected by multiple vulnerabilities: - IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an...

6.3CVSS5.5AI score0.00239EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/04/22 12:0 a.m.3 views

CVE-2025-29339

An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF or via direct attack, triggerin...

7.5AI score0.00362EPSS
Exploits1References1
Veracode
Veracode
added 2025/04/07 2:36 a.m.8 views

Unauthorized API Access

Directus is vulnerable to unauthorized API access by suspended users. The vulnerability is due to missing session validation due to the absence of a check in verifySessionJWT to confirm if a user is still active and authorized...

4.3CVSS7AI score0.00337EPSS
Exploits1References2Affected Software2
RedhatCVE
RedhatCVE
added 2025/02/08 4:42 a.m.8 views

CVE-2025-24502

An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address...

5.3CVSS6.8AI score0.00217EPSS
Exploits0References1
OSV
OSV
added 2025/02/05 7:28 a.m.16 views

BIT-SUPERSET-2023-27524 Apache Superset: Session validation vulnerability when using provided default SECRET_KEY

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRETKEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...

9.8CVSS9.2AI score0.97405EPSS
Exploits20References6
Vulnrichment
Vulnrichment
added 2025/01/31 5:47 a.m.8 views

CVE-2025-22216 CVE-2025-22216 UAA Missing Zone Validation

A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones...

5.4CVSS5.3AI score0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/31 5:47 a.m.17 views

CVE-2025-22216 CVE-2025-22216 UAA Missing Zone Validation

A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones...

5.4CVSS0.00188EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/31 12:0 a.m.8 views

PT-2025-4393 · Uaa · Uaa

Name of the Vulnerable Software and Affected Versions: UAA affected versions not specified Description: The issue concerns a UAA configured with multiple identity zones, where session information is not properly validated across those zones. This allows a user authenticated against a corporate ID...

5.4CVSS6.7AI score0.00188EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/01/31 12:0 a.m.4 views

CloudFoundry UAA 安全漏洞

CloudFoundry UAA is a multi-tenant identity management service from the CloudFoundry Foundation. A security vulnerability exists in CloudFoundry UAA that stems from an inability to properly validate session information between regions. An attacker exploiting this vulnerability could reuse its...

5.4CVSS6.4AI score0.00188EPSS
Exploits0References1
Rows per page
Query Builder