1679 matches found
EUVD-2026-21534
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks th...
CVE-2026-31940 Session Fixation in Chamilo LMS
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicchacp.php, user-controlled request parameters are directly used to set the PHP session ID before loading global bootstrap. This leads to session fixation. This vulnerability is fixed in 1.11.38 and...
CVE-2026-31940 Session Fixation in Chamilo LMS
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicchacp.php, user-controlled request parameters are directly used to set the PHP session ID before loading global bootstrap. This leads to session fixation. This vulnerability is fixed in 1.11.38 and...
PT-2026-32011
Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.38 and prior to 2.0.0-RC.3 Description Chamilo LMS, a learning management system, contains an Open Redirect flaw in the session course edit page. An attacker can redirect an authenticated administrator to an...
CVE-2026-35636
OpenClaw 2026.3.11–2026.3.24 contains a session isolation bypass where session_status resolves sessionId to canonical session keys before visibility checks, allowing sandboxed child sessions to access parent or sibling sessions that should be blocked by explicit sessionKey restrictions. The descr...
CVE-2026-35636 OpenClaw 2026.3.11 < 2026.3.25 - Session Isolation Bypass via sessionId Resolution
OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where sessionstatus resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked...
CVE-2026-5082
Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generatesessionid function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand...
EUVD-2026-20063
Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked fr...
CVE-2026-5082
Amon2::Plugin::Web::CSRFDefender for Perl, versions 7.00–7.03, generates insecure session IDs. The generate_session_id routine first reads from /dev/urandom; if unavailable, it falls back to SHA-1 seeded with the built-in rand(), the process PID, and the high-resolution epoch time. The PID is dra...
PT-2026-30334
Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description The install/test.php diagnostic script has its CLI-only access guard disabled, allowing access via HTTP after installation. This exposes video viewer statistics, including IP addresses, session IDs, a...
GHSA-Q2QC-744P-66R2 OpenClaw: `session_status` sessionId resolution bypasses sandboxed session-tree visibility
Summary sessionstatus sessionId resolution bypasses sandboxed session-tree visibility Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.11, = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...
EUVD-2026-16939
HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...
CVE-2026-33946 MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay
MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's...
CVE-2026-33946 MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay
MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's...
GHSA-QVQR-5CV7-WH35 MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay
Summary The Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's Server-Sent Events SSE stream and intercept all real-time data. Details Root Cause The StreamableHTTPTransport...
CVE-2026-33492
WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo's sessionstart function accepts arbitrary session IDs via the PHPSESSID GET parameter and sets them as the active PHP session. A session regeneration bypass exists for specific blacklisted endpoints when th...
CVE-2026-33043
WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials...
CVE-2026-33492
The CVE-2026-33492 entries describe a session-fixation vulnerability in WWBN AVideo up to version 26.0 where _session_start() accepts an attacker-controlled PHPSESSID via GET parameter and sets it as the active session. A session regeneration bypass exists for certain blacklisted endpoints when r...
SourceCodester Sales and Inventory System SQL注入漏洞
The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from improper handling of the sid...
GHSA-X3PR-VRHQ-VQ43 AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration
Summary AVideo's sessionstart function accepts arbitrary session IDs via the PHPSESSID GET parameter and sets them as the active PHP session. A session regeneration bypass exists for specific blacklisted endpoints when the request originates from the same domain. Combined with the explicitly...