Lucene search
K

471 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/05 5:59 p.m.14 views

CVE-2026-45746

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId parameter. The backend...

9CVSS5.8AI score0.00387EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/05 5:56 p.m.11 views

CVE-2026-45743 Termix has a File-Manager Session Hijack via Missing Ownership Check (IDOR)

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by sessionId. An authenticated attacker who knows or...

8.1CVSS5.6AI score0.00282EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/05 5:56 p.m.12 views

EUVD-2026-34872

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by sessionId. An authenticated attacker who knows or...

8.1CVSS5.6AI score0.00282EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 5:56 p.m.7 views

CVE-2026-45743

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by sessionId. An authenticated attacker who knows or...

8.1CVSS5.6AI score0.00282EPSS
Exploits1References3Affected Software1
Hacker One
Hacker One
added 2026/06/02 9:49 a.m.26 views

curl: RTSP Digest auth state leaks across origins on reused libcurl easy handle

Summary When a reused libcurl easy handle first authenticates to one RTSP origin with Digest authentication and is then switched to a different RTSP origin, libcurl can send the old origin's Digest authentication state to the new origin. The second RTSP server does not need to send a...

5.8AI score
Exploits0
NVD
NVD
added 2026/06/01 5:16 p.m.23 views

CVE-2026-10272

A vulnerability has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The impacted element is an unknown function of the file admin/deleteform.php. Such manipulation of the argument sid leads to improper authorization. It is possible to launch the attack...

6.9CVSS0.00307EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/01 1:30 a.m.46 views

CVE-2026-10212 AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astrmainagent of the file astrbot/core/astrmainagent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...

6.5CVSS0.00211EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/01 1:30 a.m.11 views

EUVD-2026-33533

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astrmainagent of the file astrbot/core/astrmainagent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...

6.5CVSS6.4AI score0.00211EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.13 views

PT-2026-45448

A vulnerability has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The impacted element is an unknown function of the file admin/deleteform.php. Such manipulation of the argument sid leads to improper authorization. It is possible to launch the attack...

6.9CVSS6.2AI score0.00307EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

AstrBot 安全漏洞

AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Version 4.24.2 of AstrBot contains a security vulnerability. This vulnerability stems from improper handling of the sessionid parameter in the astrmainagent function within the...

6.5CVSS6.4AI score0.00211EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Student-Management-System 授权问题漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. There is a vulnerability in the Student-Management-System’s authorization mechanism; this issue stems from incorrect handling of the parameter “sid” in the file admin/deleteform.php, which ma...

6.9CVSS6.4AI score0.00307EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/29 4:40 p.m.10 views

EUVD-2026-33361

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.18 views

PT-2026-44893

QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in a patch to version...

4.8CVSS5.8AI score0.00154EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 11:16 p.m.23 views

CVE-2026-46538

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

5.9CVSS0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 9:56 p.m.11 views

EUVD-2026-32677

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

5.9CVSS5.8AI score0.00225EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:56 p.m.12 views

CVE-2026-46538

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

5.9CVSS5.8AI score0.00225EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 9:56 p.m.30 views

CVE-2026-46538

CVE-2026-46538 affects Microsoft UFO open-source framework; in version 3.0.1-4-ge2626659, the constellation client tracks pending task responses by session_id and does not bind completion to the originating device. An authenticated peer can forge a TASK_END with the same session_id to inject atta...

5.9CVSS5.8AI score0.00225EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

UFO³ 数据伪造问题漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a data manipulation vulnerability. This vulnerability arises from the fact that task responses are tracked using only the sessionid without verifyi...

5.9CVSS5.7AI score0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 7:34 a.m.40 views

CVE-2026-44064 ASP session ID out-of-bounds access

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request...

7.1CVSS0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 7:34 a.m.7 views

CVE-2026-44064 ASP session ID out-of-bounds access

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request...

7.1CVSS5.8AI score0.00171EPSS
Exploits0References1
Rows per page
Query Builder