Lucene search
K

48732 matches found

NVD
NVD
added 2026/06/23 9:16 p.m.7 views

CVE-2026-12112

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

7.8CVSS0.00153EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/23 8:11 p.m.28 views

CVE-2026-47387 NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler packages/nc-gui/composables/useSharedFormViewStore.ts in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A...

8.4CVSS0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:11 p.m.6 views

CVE-2026-47387

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler packages/nc-gui/composables/useSharedFormViewStore.ts in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A...

8.4CVSS5.9AI score0.00234EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/23 8:11 p.m.32 views

CVE-2026-47387

NocoDB (the issue CVE-2026-47387) has a stored XSS due to the shared form-view redirect_url handling. The vulnerable sink in packages/nc-gui/composables/useSharedFormViewStore.ts validates only string/non-empty redirect_url and fails to validate URL schemes, causing non-network schemes (e.g., jav...

8.4CVSS5.9AI score0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 7:53 p.m.7 views

EUVD-2026-38603

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS5.8AI score0.00152EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:53 p.m.5 views

CVE-2026-9073

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS5.8AI score0.00152EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/23 7:53 p.m.29 views

CVE-2026-9073 Foreman-mcp-server: mcp server: insecure sensitive http header sanitization

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS0.00152EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/23 7:53 p.m.7 views

CVE-2026-9073

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS5.7AI score0.00152EPSS
Exploits0References3
Debian
Debian
added 2026/06/23 7:44 p.m.6 views

[SECURITY] [DLA 4641-1] beets security update

Debian LTS Advisory DLA-4641-1 [email protected] https://www.debian.org/lts/security/ Emmanuel Arias June 23, 2026 https://wiki.debian.org/LTS Package : beets Version : 1.4.9-7+deb11u1 CVE ID : CVE-2026-42052 Debian Bug : 1135779 It was discovered that beets, a media library management...

6CVSS5.9AI score0.003EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/23 7:40 p.m.6 views

CVE-2026-12112 Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

7.8CVSS5.9AI score0.00153EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 7:40 p.m.8 views

CVE-2026-12112

CVE-2026-12112 affects the foreman-mcp-server MCP Server. The issue is a session management vulnerability where an improper cache of authenticated client connections allows an unauthenticated attacker to hijack active administrative sessions by trusting a non-secret session ID without re-validati...

7.8CVSS5.9AI score0.00153EPSS
Exploits0References4Affected Software2
EUVD
EUVD
added 2026/06/23 7:40 p.m.7 views

EUVD-2026-38599

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

7.8CVSS5.9AI score0.00153EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:40 p.m.5 views

CVE-2026-12112

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

7.8CVSS5.9AI score0.00153EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/23 7:40 p.m.37 views

CVE-2026-12112 Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

7.8CVSS0.00153EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/23 7:40 p.m.6 views

CVE-2026-12112

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

7.8CVSS5.8AI score0.00153EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/23 7:11 p.m.8 views

AVideo Meet plugin: anonymous-to-admin stored XSS via unescaped participant User-Agent in getMeetInfo.json.php Participants panel

Summary The Meet plugin stores the raw HTTP User-Agent header of every meeting participant and later renders it without output encoding in the meeting-management "Participants" panel that the meeting host and site administrators open. An anonymous, unauthenticated attacker can join any public...

6.2AI score
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/23 6:18 p.m.9 views

CVE-2026-53662

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...

9.6CVSS0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 5:36 p.m.39 views

CVE-2026-53662 immich: One-click account takeover via XSS in login page continue redirect

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...

9.6CVSS0.00235EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 5:33 p.m.3 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the session management endpoint. An attacker can access session credentials of other users, including those with higher privileges, by making authenticated requests with knowledge of a target user's identity...

8.5CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/06/23 5:17 p.m.10 views

CVE-2026-55423

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0...

6.1CVSS0.00152EPSS
Exploits1References3
Rows per page
Query Builder