Lucene search
+L

249 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-4986

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.00536EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-58398

Malicious code in bioql PyPI...

9.1CVSS6.4AI score0.00448EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2023-0044

Malicious code in bioql PyPI...

6.4CVSS5.6AI score0.00674EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2021-30464

Malicious code in bioql PyPI...

8.8CVSS9.1AI score0.0111EPSS
Exploits0References19
CNNVD
CNNVD
added 2025/09/20 12:0 a.m.6 views

Starch 安全漏洞

Starch is an HTTP session library by the individual developer Aran Clary. A security vulnerability exists in Starch 0.14 and earlier versions, which stems from insecure session ID generation and could lead to a session hijacking attack...

9.1CVSS6.5AI score0.00336EPSS
Exploits0References4
OSV
OSV
added 2025/09/08 9:12 p.m.16 views

CVE-2025-57766 Fides's Admin UI User Password Change Does Not Invalidate Current Session

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors such as XSS ca...

6.3CVSS6.6AI score0.00275EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.15 views

PT-2025-36507

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1 Description: Fides is an open-source privacy engineering platform. Admin UI user password changes do not invalidate active user sessions prior to version 2.69.1, creating a vulnerability chaining opportunity...

6.3CVSS5.8AI score0.00275EPSS
Exploits1References14
Vulnrichment
Vulnrichment
added 2025/07/24 2:52 p.m.5 views

CVE-2025-36005 IBM MQ Operator information disclosure

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the...

5.9CVSS5.9AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/23 12:0 a.m.40 views

CVE-2025-48700

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting XSS vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...

0.01761EPSS
Exploits0References3
Veracode
Veracode
added 2025/06/20 10:27 a.m.7 views

Improper Access Control

github.com/ubuntu/authd is vulnerable to Improper Access Control. The vulnerability is due to flawed temporary user record handling due to a defect in pre-auth NSS where first-time logins are mistakenly treated as part of the root group during the SSH session...

8.5CVSS8.3AI score0.00255EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/06/16 3:32 p.m.6 views

GHSA-MF3R-6M25-3867 Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session

SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to...

8.7CVSS7.2AI score0.00476EPSS
Exploits0References6
NVD
NVD
added 2025/06/16 12:15 p.m.13 views

CVE-2025-5689

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...

8.5CVSS0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.7 views

PT-2025-24597 · Sap · Sap Master Data Management Server

Name of the Vulnerable Software and Affected Versions: SAP Master Data Management Server affected versions not specified Description: The issue allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate. This gives the ability to...

5.6CVSS6.6AI score0.00208EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/06/06 1:10 p.m.14 views

CVE-2025-0620 Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again...

4.9CVSS6.7AI score0.00616EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/01 12:0 a.m.5 views

IBM Planning Analytics Local 代码问题漏洞

IBM Planning Analytics Local is a web-based local architecture from International Business Machines IBM. A code issue vulnerability exists in IBM Planning Analytics Local versions 2.0 and 2.1, which stems from a failure to disable a session after logging out, and can be exploited by an attacker t...

8.8CVSS6.6AI score0.00212EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/26 3:10 p.m.11 views

CVE-2025-46802 Temporary chown() of users' TTY to mode 0666 allows PTY hijacking in screen

For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session...

6CVSS6.7AI score0.00188EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.6 views

CVE-2024-55603

Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom session handler app/Core/Session/SessionHandler.php, to store the session data in a database...

6.5CVSS6.4AI score0.00502EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:14 a.m.6 views

CVE-2023-40695

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938...

8.8CVSS6.2AI score0.00351EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:51 a.m.15 views

CVE-2023-33005

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login...

5.4CVSS6.8AI score0.00431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:43 a.m.12 views

CVE-2022-22371

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195...

6.5CVSS6.3AI score0.00328EPSS
Exploits0References1
Rows per page
Query Builder