Lucene search
+L

1831 matches found

Snyk
Snyk
added 2026/04/01 10:9 p.m.5 views

Incorrect Comparison Logic Granularity

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Incorrect Comparison Logic Granularity in the session management process. An attacker can retain full access to protected resources and perform privileged actions by...

8.8CVSS5.9AI score0.00502EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/01 10:8 p.m.5 views

EUVD-2026-18086

CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation Logic Flaw...

10CVSS5.8AI score0.00502EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/01 10:8 p.m.9 views

CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)

Summary Vulnerability: Improper Session Invalidation on Account Deletion Broken Access Control / Logic Flaw - This vulnerability is caused by a backend logic flaw that maintains a false trust assumption that already-authenticated users remain trustworthy, even after their accounts are explicitly...

8.8CVSS5.8AI score0.00502EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.6 views

PT-2026-29816

Name of the Vulnerable Software and Affected Versions listmonk versions 4.1.0 through 6.0.0 Description listmonk, a self-hosted newsletter and mailing list manager, has a session management issue. Previously issued authenticated sessions remain valid after sensitive account security changes, such...

7.1CVSS5.9AI score0.003EPSS
Exploits2References7
OSV
OSV
added 2026/03/28 6:52 p.m.4 views

CVE-2026-3256 HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids

HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come...

9.8CVSS5.9AI score0.0053EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/03/28 12:0 a.m.8 views

HTTP::Session 安全漏洞

HTTP::Session is a server-side component library developed by KTAT’s individual developers, used for session management and state maintenance in web applications. Versions of HTTP::Session prior to 0.53 contained security vulnerabilities; these vulnerabilities stemmed from the default use of...

9.8CVSS5.8AI score0.0053EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/26 3:30 p.m.3 views

EUVD-2025-209085

HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.7 views

CVE-2026-29092

Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...

7.5CVSS0.00237EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:59 p.m.3 views

CVE-2026-29092

Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...

4.9CVSS5.8AI score0.00237EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/25 4:59 p.m.6 views

EUVD-2026-15807

Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...

4.9CVSS5.8AI score0.00237EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.11 views

IBM InfoSphere Information Server 代码问题漏洞

IBM InfoSphere Information Server is a data integration platform developed by the American multinational company International Business Machines IBM. This platform can be used to integrate data from various sources. Versions of IBM InfoSphere Information Server 11.7.1.6 and earlier contained code...

6.5CVSS5.9AI score0.00242EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

Kiteworks 代码问题漏洞

Kiteworks is a security private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.2.1 contained code vulnerabilities. These vulnerabilities were due to issues with session management, which could allow users who have been blocked to...

7.5CVSS5.9AI score0.00237EPSS
Exploits0References2
Redos
Redos
added 2026/03/19 12:0 a.m.7 views

ROS-20260319-73-0033

Vulnerability in glpi related to incorrect session management. Exploitation of the vulnerability could allow an attacker acting remotely to hijack a user's session...

6.5CVSS5.8AI score0.00373EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/08 1:44 a.m.6 views

CVE-2026-30224

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...

5.4CVSS5.8AI score0.00302EPSS
Exploits1References1
NVD
NVD
added 2026/03/06 9:16 p.m.6 views

CVE-2026-30224

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...

5.4CVSS0.00302EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/06 9:1 p.m.4 views

CVE-2026-30224 OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...

5.4CVSS5.7AI score0.00302EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/06 9:1 p.m.4 views

CVE-2026-30224

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...

5.4CVSS5.7AI score0.00302EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/06 9:1 p.m.8 views

CVE-2026-30224 OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...

5.4CVSS5.8AI score0.00302EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2026/03/05 11:45 a.m.144 views

wapt-simulation

Web Application Penetration Testing WAPT Simulation This re...

6AI score
Exploits0
Debian CVE
Debian CVE
added 2026/03/05 1:41 a.m.8 views

CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

9.1CVSS5.3AI score0.00583EPSS
Exploits0
Rows per page
Query Builder