Lucene search
K

1820 matches found

Nuclei
Nuclei
added yesterday56 views

POS Codekop v2.0 - Broken Authentication

A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. id: CVE-2023-36347 info: name: POS Codekop v2.0 - Broken Authentication author: princechaddha severity: high description: | A broken authentication mechanism ...

7.5CVSS7.1AI score0.34293EPSS
Exploits1
Nuclei
Nuclei
added 2 days ago123 views

Tenda AC1200 V-W15Ev2 - Authentication Bypass

The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The...

4.9CVSS5.8AI score0.28802EPSS
Exploits1References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-40322

KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, its value remains unchanged after successful login. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session...

4.8CVSS5.7AI score0.00145EPSS
Exploits0References2
NVD
NVD
added 5 days ago10 views

CVE-2026-57948

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...

7.6CVSS0.00126EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-57948 Pinpoint - Insecure Session Cookie Attributes in pinpointJwt

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...

7.6CVSS0.00126EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40165

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...

7.6CVSS5.6AI score0.00126EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 7:40 p.m.7 views

EUVD-2026-38599

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

7.8CVSS5.9AI score0.00153EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/21 2:39 a.m.6 views

Insufficient Session Expiration

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Insufficient Session Expiration in the authenticateuser function. An attacker can gain unauthorized access or maintain access to sensitive information by exploiting session...

7.1CVSS6.6AI score0.00262EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50376

Name of the Vulnerable Software and Affected Versions HCL iControl affected versions not specified Description HCL iControl is affected by an inadequate session timeout issue. This occurs when a web application fails to automatically terminate user sessions after a period of inactivity, potential...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/13 6:59 a.m.94 views

metasploit-cheatsheet

Metasploit Cheatsheet A practical reference for using Metaspl...

5.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.19 views

PT-2026-48561

Name of the Vulnerable Software and Affected Versions Pi-hole FTL versions prior to 6.6.1 Description A race condition exists in the HTTP session management subsystem of the embedded CivetWeb-based web server. This issue was introduced during the v6.0 rewrite of the server engine. Recommendations...

8.8CVSS5.2AI score0.0023EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

FTL 竞争条件问题漏洞

FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTL prior to 6.6.1 contained a race condition vulnerability, which stems from race conditions in the HTTP session management subsystem. This vulnerability could allow attackers to perform...

8.8CVSS5.3AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.9 views

CVE-2026-24318

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

4.2CVSS5.5AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.9 views

CVE-2026-1114

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens JWT. This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...

9.8CVSS7.7AI score0.0054EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.10 views

CVE-2026-20230

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

8.6CVSS6AI score0.41694EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-47041

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An improper session termination issue exists where authentication tokens remain valid after a user logs out. This allows an attacker who possesses a valid token to maintain persistent access to...

5.3CVSS5.5AI score0.00311EPSS
Exploits0References3
NVD
NVD
added 2026/06/03 6:16 p.m.19 views

CVE-2026-20230

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

8.6CVSS0.41694EPSS
Exploits3References3
EUVD
EUVD
added 2026/06/03 4:9 p.m.11 views

EUVD-2026-34137

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

8.6CVSS5.8AI score0.41694EPSS
Exploits3References1
Redos
Redos
added 2026/05/29 12:0 a.m.14 views

ROS-20260529-73-0015

The vulnerability in openbao is related to improper session management. Exploiting this vulnerability can allow a remote attacker to intercept a user’s session...

9.6CVSS5.8AI score0.00411EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/27 3:47 p.m.8 views

CVE-2026-44321 free5GC: SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into...

7.5CVSS5.8AI score0.00364EPSS
Exploits1References4
Rows per page
Query Builder