Lucene search
K

1831 matches found

GithubExploit
GithubExploit
added 2026/04/21 11:25 a.m.141 views

Exploit for Cross-site Scripting in Bdtask Multi_Store_Inventory_Management_System

CVE-2024-2997 Scanner !Versionhttps://img.shields.io/badge...

5.4CVSS5.8AI score0.01215EPSS
Exploits6
Snyk
Snyk
added 2026/04/14 11:39 p.m.5 views

Insufficient Session Expiration

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Insufficient Session Expiration due to improper session management when user permissions are changed. An attacker can retain unauthorized access to resource...

6.3CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/04/14 12:16 a.m.7 views

CVE-2026-24318

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

4.2CVSS0.00167EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:6 a.m.2 views

CVE-2026-24318

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

4.2CVSS5.8AI score0.00167EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/14 12:6 a.m.3 views

EUVD-2026-22140

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

4.2CVSS5.8AI score0.00167EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/14 12:6 a.m.4 views

CVE-2026-24318 Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

4.2CVSS5.8AI score0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/14 12:6 a.m.31 views

CVE-2026-24318 Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

4.2CVSS0.00167EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 12:6 a.m.27 views

CVE-2026-24318

The CVE concerns SAP Business Objects BI Platform. An insecure session management flaw could allow an unauthenticated attacker to obtain valid session tokens and reuse them to access or modify data within a victim’s session scope, impacting confidentiality and integrity (availability unchanged). ...

4.2CVSS5.8AI score0.00167EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

SAP Business Objects Business Intelligence Platform 安全漏洞

SAP Business Objects Business Intelligence Platform is a set of business intelligence software and enterprise performance solutions provided by the German company SAP. This product includes features such as report generation, analysis, and data visualization. There is a security vulnerability in...

4.2CVSS5.8AI score0.00167EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.9 views

PT-2026-32551

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

4.2CVSS5.8AI score0.00167EPSS
Exploits0References3
NVD
NVD
added 2026/04/07 8:16 p.m.6 views

CVE-2026-39322

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and...

9.2CVSS0.00239EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/07 6:13 p.m.5 views

CVE-2026-39324

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

9.8CVSS5.4AI score0.0027EPSS
Exploits1
PyPA
PyPA
added 2026/04/07 7:16 a.m.13 views

PYSEC-2026-170

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens JWT. This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...

9.8CVSS7.3AI score0.0054EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/07 7:16 a.m.18 views

PYSEC-2026-170

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens JWT. This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...

9.8CVSS5.8AI score0.0054EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/07 6:19 a.m.4 views

CVE-2026-1114

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens JWT. This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...

9.8CVSS7.2AI score0.0054EPSS
Exploits1References3
NVD
NVD
added 2026/04/02 6:16 p.m.8 views

CVE-2026-34828

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and...

7.1CVSS0.003EPSS
Exploits2References3
CVE
CVE
added 2026/04/02 5:32 p.m.16 views

CVE-2026-34828

CVE-2026-34828 affects listmonk, a standalone self-hosted newsletter manager. A session-management vulnerability in versions 4.1.0 up to, but not including, 6.1.0 allows already-authenticated sessions to remain valid after password reset or password change, enabling an attacker with a valid sessi...

7.1CVSS5.8AI score0.003EPSS
Exploits2References3Affected Software1
GithubExploit
GithubExploit
added 2026/04/02 9:24 a.m.117 views

lightweight-msf

Lightweight-MSF !License: MIThttps://img.shields.io/badge...

6AI score
Exploits0
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

listmonk 代码问题漏洞

ListMonk is a high-performance, self-hosted newsletter and mailing list manager developed by Kailash Nadh. Versions of ListMonk prior to 6.1.0 contained code vulnerabilities due to session management issues. These vulnerabilities allowed previously issued authenticated sessions to remain valid...

7.1CVSS5.9AI score0.003EPSS
Exploits2References3
OSV
OSV
added 2026/04/01 11:48 p.m.5 views

GHSA-H5J9-CVRW-V5QH listmonk's active sessions remain valid after password reset and password change

Summary A session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and password change. As a result, an attacker who has already obtained a valid session cookie can retain access to the...

7.1CVSS6AI score0.003EPSS
Exploits2References5
Rows per page
Query Builder