Lucene search
+L

47 matches found

OSV
OSV
added 2025/09/29 8:15 p.m.6 views

CVE-2025-35031

Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...

5.5CVSS5.8AI score0.00133EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/29 8:0 p.m.6 views

CVE-2025-35031 Medical Informatics Engineering Enterprise Health includes session token in debug output

Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...

4.6CVSS6.3AI score0.00133EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/29 8:0 p.m.11 views

CVE-2025-35031 Medical Informatics Engineering Enterprise Health includes session token in debug output

Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...

4.6CVSS0.00133EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/09/19 6:46 p.m.9 views

CVE-2025-34188

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 macOS/Linux client deployments contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravelsession, are...

8.4CVSS5.7AI score0.00287EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/09/08 3:12 a.m.12 views

CVE-2025-58437

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

8.1CVSS6.8AI score0.00349EPSS
Exploits1References1
Snyk
Snyk
added 2025/09/06 4:0 a.m.4 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

8.6CVSS6.6AI score0.00349EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/06 4:0 a.m.1 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

8.6CVSS7.1AI score0.00349EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/09/06 2:30 a.m.3 views

CVE-2025-58437 Coder's privilege escalation vulnerability could lead to a cross workspace compromise

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

8.1CVSS6.3AI score0.00349EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/09/06 2:30 a.m.12 views

CVE-2025-58437 Coder's privilege escalation vulnerability could lead to a cross workspace compromise

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

8.1CVSS0.00349EPSS
Exploits1References7
OSV
OSV
added 2025/09/06 2:30 a.m.5 views

CVE-2025-58437 Coder's privilege escalation vulnerability could lead to a cross workspace compromise

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

8.1CVSS6.5AI score0.00349EPSS
Exploits1References9
OSV
OSV
added 2025/09/05 8:19 p.m.6 views

GHSA-J6XF-JWRJ-V5QP Coder vulnerable to privilege escalation could lead to a cross workspace compromise

Summary Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...

8.1CVSS8AI score0.00349EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.6 views

CVE-2024-27455

In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03...

9.1CVSS6.8AI score0.00645EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:14 a.m.10 views

CVE-2010-3319

IBM Records Manager RM 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file...

5CVSS6.3AI score0.01064EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/06 4:51 p.m.2 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through the Session API. An attacker can authenticate on behalf of the user by repeatedly using idp intents to retrieve the id and token from the application's URI. Remediation Upgrade...

8CVSS7AI score0.00404EPSS
Exploits0References2
NVD
NVD
added 2025/01/04 2:15 a.m.30 views

CVE-2025-22387

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking...

7.5CVSS0.00366EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/12 12:0 a.m.5 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE versions prior to 13.7 through...

8.8CVSS6.8AI score0.00457EPSS
Exploits0References3
OSV
OSV
added 2024/08/30 10:25 p.m.6 views

CVE-2024-6586

Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF request when exported, via a POST request to...

7.3CVSS6.8AI score0.01786EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/06/13 11:2 a.m.5 views

axios: exposure of confidential data stored in cookies

A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data...

6.5CVSS7.2AI score0.00556EPSS
Exploits1References4
NVD
NVD
added 2024/04/12 9:15 p.m.13 views

CVE-2024-29023

Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session. Users must be...

7.2CVSS7AI score0.00802EPSS
Exploits0References6
CVE
CVE
added 2024/04/12 9:0 p.m.87 views

CVE-2024-29023

CVE-2024-29023 affects Xibo CMS: session tokens are exposed in the session-search API response, enabling potential session hijacking when users have access to the sessions page. Affected software is Xibo: upgrades are recommended to close the issue. Remediation per sources: Upgrade to Xibo 3.3.10...

7.2CVSS6.8AI score0.00802EPSS
Exploits0References6
Rows per page
Query Builder