19 matches found
CVE-2025-34412
The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy,...
EUVD-2025-200727
The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access...
CVE-2025-12585 MxChat – AI Chatbot for WordPress <= 2.5.5 - Unauthenticated Information Exposure
The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access...
CVE-2025-12585
CVE-2025-12585 concerns the MxChat – AI Chatbot plugin for WordPress. Affected software: MxChat plugin for WordPress, versions up to and including 2.5.5. Vulnerability type: Sensitive Information Exposure. Root cause: inadequate protection of sensitive data via upload fil...
EUVD-2016-9431
Malware in sbrugna...
Exploit for Improper Authentication in Microsoft
cve-2020-0688 cve-2020-0688 Login with a user with an email a...
Trend Micro Threat Discovery Appliance Authentication Bypass Vulnerability
Trend Micro Threat Discovery Appliance (TDA) is a threat discovery appliance with integrated cloud security technology from Trend Micro. The appliance provides detection of malicious activity at the network layer, threat management services, and threat analysis and reporting. A security vulnerabili...
CVE-2016-8584
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value...
CVE-2016-8584
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value...
Authentication flaw
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value...
CVE-2016-8584
CVE-2016-8584 affects Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier, where predictable session values enable remote attackers to bypass authentication by guessing the session value. The description states an authentication bypass via session generation, with CVSS metrics indicatin...
Joomla! < 3.4.6 Multiple Vulnerabilities
According to its self-reported version number, the Joomla! installation running on the remote web server is prior to 3.4.6. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists due to improper sanitization of session values. An unauthenticated,...
[20151205] - Session - Remote Code Execution Vulnerability
Browser information is not filtered properly while saving the session values which leads to a Remote Code Execution vulnerability...
[20151201] - Core - Remote Code Execution Vulnerability
Browser information is not filtered properly while saving the session values into the database which leads to a Remote Code Execution vulnerability...
Design/Logic Flaw
Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value...
CVE-2009-2749
Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value...
CVE-2009-2749
CVE-2009-2749 affects IBM WebSphere Application Server 7.0.0.7 with the Feature Pack for Communications Enabled Applications (CEA). The root cause is the use of predictable session values in CEA prior to version 1.0.0.1, which allows a MITM attacker to spoof a collaboration session by guessing th...
CVE-2009-2749
Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value...
The use of Session spoofing configuration the most hidden WebShell-vulnerability warning-the black bar safety net
Unknowingly “LM groups” to see the Black anti-there have been two spring and autumn, the period does not fall. Painstaking practice so long, can start playing on a trick or two. See the Black anti-second period of the DreamWeaver caused the network crisis of a text, “LM groups” the heart indescribabl...