Lucene search

48263 matches found

EUVD
added 2026/06/09 4:0 p.m. | 9 views

EUVD-2026-35470

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...

CVSS 7.5 | AI score 5.4 | EPSS 0.00278
Exploits: 0 | References: 2
RedhatCVE
added 2026/06/09 2:59 p.m. | 9 views

CVE-2026-46656

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...

CVSS 8.8 | AI score 5.4 | EPSS 0.00294
Exploits: 0 | References: 1
NVD
added 2026/06/09 10:16 a.m. | 9 views

CVE-2026-41031

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

CVSS 9.3 | EPSS 0.00242
Exploits: 0 | References: 1
NVD
added 2026/06/09 9:16 a.m. | 9 views

CVE-2009-10007

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

CVSS 9.1 | EPSS 0.00396
Exploits: 0 | References: 5
OSV
added 2026/06/09 9:16 a.m. | 5 views

UBUNTU-CVE-2009-10007

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

CVSS 9.1 | AI score 5.5 | EPSS 0.00396
Exploits: 0 | References: 7
RedHat Linux
added 2026/06/09 8:57 a.m. | 8 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

CVSS 8.2 | AI score 5.5 | EPSS 0.00254
Exploits: 1 | References: 5
Debian CVE
added 2026/06/09 7:34 a.m. | 8 views

CVE-2009-10007

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

CVSS 9.1 | AI score 5.5 | EPSS 0.00396
Exploits: 0
EUVD
added 2026/06/09 7:34 a.m. | 9 views

EUVD-2009-5128

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

CVSS 9.1 | AI score 5.5 | EPSS 0.00396
Exploits: 0 | References: 4
Vulnrichment
added 2026/06/09 7:34 a.m. | 6 views

CVE-2009-10007 Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

AI score 5.5 | EPSS 0.00396
Exploits: 0 | References: 4
Cvelist
added 2026/06/09 7:34 a.m. | 37 views

CVE-2009-10007 Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

EPSS 0.00396
Exploits: 0 | References: 4
CVE
added 2026/06/09 7:34 a.m. | 15 views

CVE-2009-10007

CVE-2009-10007 affects Catalyst::Plugin::Authentication for Perl prior to 0.10_027. The vulnerability arises because the plugin does not automatically change the session id after authentication, enabling session fixation where an attacker with a valid session cookie can impersonate the victim. Do...

CVSS 9.1 | AI score 5.5 | EPSS 0.00396
Exploits: 0 | References: 5
NVD
added 2026/06/09 5:16 a.m. | 8 views

CVE-2026-41839

A WebFlux application with a compromised subdomain, for example one compromised via cross-site scripting (XSS), is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

CVSS 4.2 | EPSS 0.00133
Exploits: 0 | References: 1
NVD
added 2026/06/09 5:16 a.m. | 8 views

CVE-2026-41838

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...

CVSS 7.5 | EPSS 0.00171
Exploits: 0 | References: 1
OSV
added 2026/06/09 5:16 a.m. | 5 views

UBUNTU-CVE-2026-41839

A WebFlux application with a compromised subdomain, for example one compromised via cross-site scripting (XSS), is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

CVSS 4.2 | AI score 5.2 | EPSS 0.00133
Exploits: 0 | References: 3
GithubExploit
added 2026/06/09 5:7 a.m. | 40 views

HTB-TwoMillion-Exploit

HTB-TwoMillion-Exploit Important: This is NOT a writeu...

AI score 5.5
Exploits: 0
EUVD
added 2026/06/09 3:49 a.m. | 6 views

EUVD-2026-35326

A WebFlux application with a compromised subdomain, for example one compromised via cross-site scripting (XSS), is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

CVSS 4.2 | AI score 5.2 | EPSS 0.00133
Exploits: 0 | References: 1
CVE
added 2026/06/09 3:49 a.m. | 28 views

CVE-2026-41839

CVE-2026-41839 affects Spring Framework WebFlux. A WebFlux application with a compromised subdomain (e.g., via XSS) is vulnerable to an escalation attack that exchanges a known session ID for that of an authenticated user. Affected versions are: Spring Framework 7.0.0–7.0.7; 6.2.0–6.2.18; 6.1...

CVSS 4.2 | AI score 5.2 | EPSS 0.00133
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/09 3:49 a.m. | 4 views

CVE-2026-41839 Spring Framework Escalation via Session Fixation in WebFlux

A WebFlux application with a compromised subdomain, for example one compromised via cross-site scripting (XSS), is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

CVSS 4.2 | AI score 5.2 | EPSS 0.00133
Exploits: 0 | References: 1
Cvelist
added 2026/06/09 3:49 a.m. | 30 views

CVE-2026-41839 Spring Framework Escalation via Session Fixation in WebFlux

A WebFlux application with a compromised subdomain, for example one compromised via cross-site scripting (XSS), is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

CVSS 4.2 | EPSS 0.00133
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/09 3:49 a.m. | 7 views

CVE-2026-41838 Spring Framework Predictable Session ID in WebSocket Module

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...

CVSS 4.8 | AI score 5.4 | EPSS 0.00171
Exploits: 0 | References: 1