CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 6 hours ago•4 views

EUVD-2026-39600

A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked...

4.3CVSS5.8AI score

EUVD-2026-39597

The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...

8.7CVSS5.9AI score

Exploits0References2

EUVD-2026-39566

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to authenticate as oth...

7.3CVSS5.9AI score

EUVD-2025-210341

Flowise before 3.0.10 affected versions 3.0.7 and earlier fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session token or a device left logged in, remains authenticated as the...

8.6CVSS5.9AI score

EUVD-2026-39576

Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...

6CVSS5.9AI score

EUVD•added 7 hours ago•4 views

EUVD-2025-210338

Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the account settings Security section without supplying the current password or any additional verification, as the application does not enforce a...

8.7CVSS6AI score

CVE•added yesterday•11 views

CVE-2026-40082

Cacti versions 1.2.30 and earlier are affected by a Session Fixation flaw due to missing session_regenerate_id() after login. The login flow directly assigns the user session ID without rotating the session, enabling potential session fixation despite otherwise proper cookie attributes (HttpOnly,...

5.4CVSS5.8AI score

CVE•added yesterday•5 views

CVE-2025-71335

Flowise prior to version 3.0.10 is affected. Versions 3.0.7 and earlier do not invalidate existing sessions or session tokens after a user changes their password, allowing an attacker with an active session (e.g., via a stolen token or an already-logged-in device) to remain authenticated post-pas...

8.6CVSS5.9AI score

Exploits0References2

CVE•added yesterday•7 views

CVE-2026-11703

CVE-2026-11703 (wolfSSL) describes missing SNI/ALPN binding on stateful (session-ID) TLS resumption. A cached TLS session could be resumed under a different SNI/ALPN than originally negotiated, potentially carrying cached peer-authentication state across virtual hosts. The public description stat...

6CVSS5.9AI score

Exploits0References2

CVE•added yesterday•9 views

CVE-2026-54479

The CVE concerns a WebSocket backend where charging station identifiers are used to bind sessions but multiple endpoints can connect with the same session identifier, producing predictable session IDs. This can allow unauthorized users to authenticate as other users or enable a DoS by flooding th...

7.3CVSS5.9AI score

ATTACKERKB•added yesterday•3 views

CVE-2026-11310

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...

8.7CVSS5.9AI score

Exploits0References3Affected Software1

NVD•added yesterday•6 views

CVE-2026-56774

Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session...

5.4CVSS

CVE•added yesterday•7 views

CVE-2026-56774

What is affected: Kanboard up to version 1.2.52. Root cause: UserViewController::removeSession does not validate the session id before calling RememberMeSessionModel::remove. Impact: Authenticated users can enumerate sequential session IDs to mass-invalidate persistent login sessions (including a...

5.4CVSS5.9AI score

EUVD•added yesterday•4 views

EUVD-2026-39526

5.4CVSS5.9AI score

Cvelist•added yesterday•8 views

CVE-2026-56774 Kanboard - Cross-User Deletion of Persistent Login Sessions via Unvalidated Session ID

5.4CVSS

NVD•added yesterday•6 views

CVE-2026-54040

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS0.00028EPSS

NVD•added yesterday•5 views

CVE-2026-54036

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...

5.3CVSS0.00036EPSS

ATTACKERKB•added yesterday•3 views

CVE-2026-54040

5.9CVSS6AI score0.00028EPSS

Exploits0References2Affected Software1

EUVD•added yesterday•4 views

EUVD-2026-39456

5.9CVSS6AI score0.00028EPSS