Lucene search
K

470 matches found

NVD
NVD
added 2026/05/18 6:17 p.m.16 views

CVE-2026-32848

NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodevop within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems. Attackers can exploit...

5.7CVSS0.00082EPSS
Exploits0References3
CVE
CVE
added 2026/05/18 5:52 p.m.13 views

CVE-2026-32848

CVE-2026-32848 concerns NetBSD: a race condition in the cryptodev_op() function of the opencrypto subsystem that can, under SMP, be triggered by concurrently issuing CIOCCRYPT operations on the same session identifier. The vulnerability allows a local attacker to exploit mutable per-operation sta...

5.7CVSS5.8AI score0.00082EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 6:30 p.m.10 views

EUVD-2026-29496

Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800...

7.6CVSS5.8AI score0.00267EPSS
Exploits0References2
NVD
NVD
added 2026/05/10 1:16 a.m.23 views

CVE-2026-8214

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been ma...

6.9CVSS0.00403EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/10 12:15 a.m.57 views

CVE-2026-8214 Industrial Application Software IAS Canias ERP RMI doAction improper authentication

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been ma...

6.9CVSS0.00403EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/10 12:15 a.m.9 views

CVE-2026-8214 Industrial Application Software IAS Canias ERP RMI doAction improper authentication

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been ma...

6.9CVSS5.7AI score0.00403EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.17 views

PT-2026-39427

Name of the Vulnerable Software and Affected Versions Industrial Application Software IAS Canias ERP version 8.03 Description Improper authentication exists in the RMI Interface component. A remote attacker can manipulate the sessionId argument within the doAction function to bypass authenticatio...

6.9CVSS5.7AI score0.00403EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

Canias ERP 授权问题漏洞

Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains an authorization vulnerability. This vulnerability stems from the operation of the doAction function in...

6.9CVSS6AI score0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 3:49 a.m.18 views

CVE-2026-42276

Onyx has an IDOR vulnerability in POST /chat/stop-chat-session/{chat_session_id}. Authenticated users can stop other users’ active chat sessions because the endpoint authenticates the caller but does not verify that the session belongs to them. An attacker knowing a chat_session_id can interrupt ...

4.3CVSS5.8AI score0.00279EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2026/05/06 11:22 p.m.9 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetSession function. An attacker can access sensitive SSH session data belonging to other tenants by providing a valid session UID and authenticating with any user account...

7.1CVSS5.8AI score0.00246EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/06 11:24 a.m.6 views

Session Fixation

Overview Affected versions of this package are vulnerable to Session Fixation due to the missing changeSessionId invocation after session binding. An attacker can hijack user sessions by exploiting the lack of session ID regeneration after authentication. Remediation Upgrade...

9.3CVSS5.8AI score0.00379EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/05 9:34 p.m.11 views

Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash component

Vulnerability Report: Grav CMS Unauthenticated Path Traversal & Arbitrary File Write ZERO-DAY Unauthenticated Path Traversal leading to Arbitrary Directory Creation and Configuration Injection Summary Grav CMS v1.7.49.5 and latest development source is vulnerable to a Zero-Day Path Traversal...

9.3CVSS5.9AI score0.00521EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/05 9:34 p.m.5 views

GHSA-HMCX-CH82-3FV2 Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash component

Vulnerability Report: Grav CMS Unauthenticated Path Traversal & Arbitrary File Write ZERO-DAY Unauthenticated Path Traversal leading to Arbitrary Directory Creation and Configuration Injection Summary Grav CMS v1.7.49.5 and latest development source is vulnerable to a Zero-Day Path Traversal...

9.3CVSS5.9AI score0.00521EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/21 9:44 p.m.2 views

CVE-2026-6832

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...

8.1CVSS5.9AI score0.00475EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/04/21 9:44 p.m.36 views

CVE-2026-6832 Nesquena Hermes WebUI Arbitrary File Deletion via Unvalidated session_id

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...

8.1CVSS0.00475EPSS
Exploits1References6
CVE
CVE
added 2026/04/21 9:44 p.m.22 views

CVE-2026-6832

CVE-2026-6832 affects Nesquena Hermes WebUI. The vulnerability resides in the /api/session/delete endpoint where an unvalidated session_id enables an authenticated attacker to bypass the SESSION_DIR boundary using absolute or path traversal payloads, enabling deletion of writable JSON files outsi...

8.1CVSS5.9AI score0.00475EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.8 views

Hermes Web UI 路径遍历漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Hermes Web UI has a path traversal vulnerability. This vulnerability stems from the /api/session/delete endpoint, where there is an issue with arbitrary file deletion. This allows authenticated attackers to...

8.1CVSS5.9AI score0.00475EPSS
Exploits1References1
Circl
Circl
added 2026/04/13 9:22 p.m.6 views

CVE-2026-39681

creationtimestamp| type| source ---|---|--- 2026-04-13 21:22:20+00:00| seen| Telegram/xEAlzuvdoDbl3-4UvjRUOPM0QQ9w8kB8O-gQzs6j3EZAGw...

7.5CVSS4.8AI score0.00381EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/13 6:56 a.m.27 views

CVE-2026-5085 Solstice::Session versions through 1440 for Perl generates session ids insecurely

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

0.00339EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.6 views

Solstice::Session 安全漏洞

Solstice::Session is a server-side session component developed by MCRAWFOR’s developers, used to manage user sessions and request states. Versions of Solstice::Session prior to 1440 contained security vulnerabilities, which stemmed from insecure session ID generation, potentially allowing attacke...

9.1CVSS5.8AI score0.00339EPSS
Exploits0References4
Rows per page
Query Builder