Lucene search
+L

49449 matches found

Cvelist
Cvelist
added yesterday6 views

CVE-2026-15322 Multiple Vulnerabilities in IBM Engineering AI hub.

IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to obtain sensitive information due to the exposure of session tokens in URLs...

7.5CVSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-15322

CVE-2026-15322 affects IBM Engineering AI Hub versions 1.0.0, 1.1.0, and 1.2.0, where session tokens exposed in URLs could allow a remote attacker to obtain sensitive information. The IBM Security Bulletin confirms this issue under CVE-2026-15322 and states remediation is available in IBM Enginee...

7.5CVSS4.8AI score
Exploits0References1
EUVD
EUVD
added yesterday3 views

EUVD-2026-45296

IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to obtain sensitive information due to the exposure of session tokens in URLs...

7.5CVSS4.8AI score
Exploits0References1
EUVD
EUVD
added yesterday7 views

EUVD-2026-45182

A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment PVE 9.x pve-manager 9.1.x before 9.1.9 and 8.4.x before 8.4.19; qemu-server 9.1.x before 9.1.7 and 8.4.x before 8.4.7; and pve-container 6.1.x before 6.1.3 and 5.3.x before 5.3.4 allows an attacker wit...

7.2CVSS5.3AI score
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-63094

SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with...

8.1CVSS
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2026-63094

SigNoz up to version 0.133.0 contains an open redirect in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from users on instances configured with Google OAuth, SAML, or OIDC. An attacker can call the unauthenticated sessions context endpoint with a ref pa...

8.1CVSS5.4AI score
Exploits0References3
Cvelist
Cvelist
added yesterday11 views

CVE-2026-63094 SigNoz 0.133.0 SSO OAuth State Manipulation Session Token Theft

SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with...

8.1CVSS
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-9592

SEPPmail Secure Email Gateway & SEPPmail Cloud before version 15.0.4.2 allows an attacker to replay & hijack a user session in the GINA web portal, as the session token is disclosed inside the URL and a HTTP header...

9.3CVSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2024-23572

HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...

4.2CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-16089

The CVE-2026-16089 entry describes a vulnerability in Red Hat Build of Keycloak’s keycloak-services, where OAuth 2.0 authorization codes are not properly bound to the client that requested them. If an attacker can intercept an authorization code, they can modify it to be redeemed by their own cli...

5.4CVSS5.4AI score
Exploits0References2
CVE
CVE
added yesterday12 views

CVE-2026-9592

SEPPmail Secure Email Gateway & SEPPmail Cloud prior to 15.0.4.2 are vulnerable. The issue arises because the session token is disclosed in the URL and an HTTP header within the GINA web portal, allowing an attacker to replay and hijack a user session. Affected component: GINA web portal session ...

9.3CVSS5.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-9592 Sensitive Information Disclosure in HTTP header

SEPPmail Secure Email Gateway & SEPPmail Cloud before version 15.0.4.2 allows an attacker to replay & hijack a user session in the GINA web portal, as the session token is disclosed inside the URL and a HTTP header...

9.3CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-9592

SEPPmail Secure Email Gateway & SEPPmail Cloud before version 15.0.4.2 allows an attacker to replay & hijack a user session in the GINA web portal, as the session token is disclosed inside the URL and a HTTP header...

9.3CVSS5.3AI score
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-45174

SEPPmail Secure Email Gateway & SEPPmail Cloud before version 15.0.4.2 allows an attacker to replay & hijack a user session in the GINA web portal, as the session token is disclosed inside the URL and a HTTP header...

9.3CVSS5.3AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2024-23572

HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...

4.2CVSS5.2AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added yesterday10 views

CVE-2024-23572

HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...

4.2CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2024-23572

CVE-2024-23572 affects HCL Aftermarket EPC. The issue is described as a vulnerability where a cookie appears to contain a session token, suggesting a potential risk depending on cookie contents and function. The provided metrics indicate a CVSS v3.1 base score of 4.2 (Medium) with AV:N, AC:H, PR:...

4.2CVSS5.3AI score
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2024-55672

HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...

4.2CVSS5.2AI score
Exploits0References1
OSV
OSV
added yesterday4 views

USN-8490-2 linux-realtime, linux-realtime-6.17 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...

9.8CVSS6.9AI score0.00817EPSS
Exploits9References62
Ubuntu
Ubuntu
added yesterday7 views

USN-8490-2: Linux kernel (Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...

9.8CVSS6.9AI score0.00817EPSS
Exploits9
Rows per page
Query Builder