Lucene search
K

239 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-49309

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00861EPSS
Exploits1References2
NVD
NVD
added 2025/10/02 3:15 p.m.4 views

CVE-2025-59743

SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'SessionID' cookie in '/inc/connect/CONNECTION.ASP'...

9.8CVSS0.00329EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/02 2:13 p.m.3 views

CVE-2025-59743 Multiple vulnerabilities in AndSoft's e-TMS

SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'SessionID' cookie in '/inc/connect/CONNECTION.ASP'...

9.3CVSS7.7AI score0.00329EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2018-25052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function loadsessionid of the...

6.1CVSS3.2AI score0.00529EPSS
Exploits0References2
NVD
NVD
added 2025/07/10 2:15 p.m.9 views

CVE-2024-36697

A cross-site scripting XSS vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp...

6.1CVSS0.00183EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/10 12:0 a.m.13 views

CVE-2024-36697

A cross-site scripting XSS vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp...

0.00183EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/10 12:0 a.m.4 views

CVE-2024-36697

A cross-site scripting XSS vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp...

5.6AI score0.00183EPSS
Exploits0References2
CVE
CVE
added 2025/07/10 12:0 a.m.39 views

CVE-2024-36697

CVE-2024-36697 describes an XSS in Allworx System Software v9.1.9.12, affecting the Admin Login page via the SessionID parameter in query.asp. No exploitation details are provided in the connected documents. Remediation guidance from PT-2025-29092: apply a fix for Allworx System Software version ...

6.1CVSS5.6AI score0.00183EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/08 12:0 a.m.5 views

PHPGurukul Online Notes Sharing System 安全漏洞

PHPGurukul Online Notes Sharing System is an online notes sharing system from PHPGurukul Inc. A security vulnerability exists in version 1.0 of the PHPGurukul Online Notes Sharing System, which stems from a SQL injection due to incorrect manipulation of the sessionid parameter in the File/Dashboa...

9.8CVSS7.8AI score0.00476EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.4 views

PT-2025-28302 · Unknown · Phpgurukul Online Notes Sharing System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Notes Sharing System version 1.0 Description: A critical issue was found in the PHPGurukul Online Notes Sharing System, affecting an unknown part of the file /Dashboard of the component Cookie Handler. The manipulation of th...

9.8CVSS7.6AI score0.00476EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/05/23 7:42 a.m.6 views

CVE-2024-37783

A reflected cross-site scripting XSS vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx...

5.4CVSS5.2AI score0.00366EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:9 a.m.6 views

CVE-2024-57052

An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file...

9.8CVSS7.2AI score0.00488EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:15 a.m.10 views

CVE-2023-22620

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...

7.5CVSS6.6AI score0.03888EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:21 a.m.8 views

CVE-2022-46505

An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data...

7.5CVSS6.9AI score0.00861EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:26 p.m.11 views

CVE-2021-30116

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...

10CVSS6.6AI score0.85619EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:0 p.m.4 views

CVE-2021-20048

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service DoS and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions...

8.8CVSS7.8AI score0.01939EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:26 p.m.8 views

CVE-2021-25926

In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting XSS due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the...

6.1CVSS6.3AI score0.0082EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:57 a.m.7 views

CVE-2013-3586

Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie...

7.6CVSS7.5AI score0.11605EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.9 views

CVE-2024-12580 Logs Debug Injection in danny-avila/librechat

A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and fileid in the /code/download/:sessionId/:fileId and /download/:userId/:fileid APIs are not validated or filtered, leading to potential log injection...

4.3CVSS0.00458EPSS
Exploits1References2
OSV
OSV
added 2025/03/14 3:43 p.m.3 views

OESA-2025-1269 pki-core security update

Dogtag PKI is a designed enterprise software system manage enterprise Public Key Infrastructure deployments. Security Fixes: A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=, an...

7.5CVSS7.2AI score0.00659EPSS
Exploits0References2
Rows per page
Query Builder