49449 matches found
CVE-2026-15322 Multiple Vulnerabilities in IBM Engineering AI hub.
IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to obtain sensitive information due to the exposure of session tokens in URLs...
CVE-2026-15322
CVE-2026-15322 affects IBM Engineering AI Hub versions 1.0.0, 1.1.0, and 1.2.0, where session tokens exposed in URLs could allow a remote attacker to obtain sensitive information. The IBM Security Bulletin confirms this issue under CVE-2026-15322 and states remediation is available in IBM Enginee...
EUVD-2026-45296
IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to obtain sensitive information due to the exposure of session tokens in URLs...
EUVD-2026-45182
A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment PVE 9.x pve-manager 9.1.x before 9.1.9 and 8.4.x before 8.4.19; qemu-server 9.1.x before 9.1.7 and 8.4.x before 8.4.7; and pve-container 6.1.x before 6.1.3 and 5.3.x before 5.3.4 allows an attacker wit...
CVE-2026-63094
SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with...
CVE-2026-63094
SigNoz up to version 0.133.0 contains an open redirect in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from users on instances configured with Google OAuth, SAML, or OIDC. An attacker can call the unauthenticated sessions context endpoint with a ref pa...
CVE-2026-63094 SigNoz 0.133.0 SSO OAuth State Manipulation Session Token Theft
SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with...
CVE-2026-9592
SEPPmail Secure Email Gateway & SEPPmail Cloud before version 15.0.4.2 allows an attacker to replay & hijack a user session in the GINA web portal, as the session token is disclosed inside the URL and a HTTP header...
CVE-2024-23572
HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...
CVE-2026-16089
The CVE-2026-16089 entry describes a vulnerability in Red Hat Build of Keycloak’s keycloak-services, where OAuth 2.0 authorization codes are not properly bound to the client that requested them. If an attacker can intercept an authorization code, they can modify it to be redeemed by their own cli...
CVE-2026-9592
SEPPmail Secure Email Gateway & SEPPmail Cloud prior to 15.0.4.2 are vulnerable. The issue arises because the session token is disclosed in the URL and an HTTP header within the GINA web portal, allowing an attacker to replay and hijack a user session. Affected component: GINA web portal session ...
CVE-2026-9592 Sensitive Information Disclosure in HTTP header
SEPPmail Secure Email Gateway & SEPPmail Cloud before version 15.0.4.2 allows an attacker to replay & hijack a user session in the GINA web portal, as the session token is disclosed inside the URL and a HTTP header...
CVE-2026-9592
SEPPmail Secure Email Gateway & SEPPmail Cloud before version 15.0.4.2 allows an attacker to replay & hijack a user session in the GINA web portal, as the session token is disclosed inside the URL and a HTTP header...
EUVD-2026-45174
SEPPmail Secure Email Gateway & SEPPmail Cloud before version 15.0.4.2 allows an attacker to replay & hijack a user session in the GINA web portal, as the session token is disclosed inside the URL and a HTTP header...
CVE-2024-23572
HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...
CVE-2024-23572
HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...
CVE-2024-23572
CVE-2024-23572 affects HCL Aftermarket EPC. The issue is described as a vulnerability where a cookie appears to contain a session token, suggesting a potential risk depending on cookie contents and function. The provided metrics indicate a CVSS v3.1 base score of 4.2 (Medium) with AV:N, AC:H, PR:...
EUVD-2024-55672
HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...
USN-8490-2 linux-realtime, linux-realtime-6.17 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...
USN-8490-2: Linux kernel (Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...