Lucene search
+L

4168 matches found

CVE
CVE
added 2026/06/16 9:0 a.m.12 views

CVE-2026-39581

CVE-2026-39581 documents a SQL Injection in the WordPress plugin WP Sessions Time Monitoring Full Automatic for versions

8.5CVSS5.7AI score0.0027EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/16 1:3 a.m.22 views

[SECURITY] Fedora 44 Update: perl-Mojo-JWT-1.02-1.fc44

JSON Web Token is described in https://tools.ietf.org/html/rfc7519. Mojo::JWT implements that standard with an API that should feel familiar to Mojolicious users though of course it is useful elsewhere. Indeed, JWT is much like Mojolicious::Sessions except that the result is a URL-safe text strin...

5.3AI score
Exploits0
EUVD
EUVD
added 2026/06/13 12:34 a.m.11 views

EUVD-2026-36614

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context ...

4.3CVSS5.3AI score0.00187EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 9:56 p.m.4 views

CVE-2026-53826 OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context ...

2.3CVSS5.9AI score0.00187EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.260 views

Spring Framework 5.3.x < 5.3.49 / 6.1.x < 6.1.28 / 6.2.x < 6.2.18.1 / 7.0.x < 7.0.7.1 Multiple Vulnerabilities

The version of Spring Framework installed on the remote host is 5.3.x prior to 5.3.49, 6.1.x prior to 6.1.28, 6.2.x prior to 6.2.18.1, or 7.0.x prior to 7.0.7.1. It is, therefore, affected by multiple vulnerabilities: - IDs for WebSocket sessions in the spring-websocket module are not...

9.8CVSS5.6AI score0.00399EPSS
Exploits0References30
CVE
CVE
added 2026/06/11 9:33 p.m.26 views

CVE-2026-45173

The CVE concerns Idira Identity Browser Extension for Chrome, Firefox, and Edge, with versions prior to 26.8.1. A flaw in origin validation within internal web-page verification routines could allow a remote attacker to trigger unauthorized application interaction or execution parameters within a...

8.4CVSS5.8AI score0.00161EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 7:28 p.m.15 views

Malicious code in telegramlite (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce1afd32bb4808a41c70c2b9e7d38d36de85eef1ada8d8ae615f5df1a6f88a5c No install-time, import-time, or runtime behaviors of concern were observed in this version. The package name suggests a lightweight Telegram client...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/06/10 7:28 p.m.14 views

MAL-2026-5531 Malicious code in telegramlite (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce1afd32bb4808a41c70c2b9e7d38d36de85eef1ada8d8ae615f5df1a6f88a5c No install-time, import-time, or runtime behaviors of concern were observed in this version. The package name suggests a lightweight Telegram client...

6.2AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/10 3:39 p.m.9 views

Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory

A flaw was found in Spring Boot. A local attacker on the same host as the application may be able to take control of the ApplicationTemp directory due to predictable temporary directory handling. When the server.servlet.session.persistent setting is enabled and the attack persists across...

7CVSS5.8AI score0.00136EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/06/10 12:52 p.m.88 views

Exploit for Improper Input Validation in Drupal

drupalgeddon2-cli A command-line rewrite of the Drupalged...

9.8CVSS8.1AI score0.99993EPSS
Exploits46
GithubExploit
GithubExploit
added 2026/06/10 12:2 p.m.84 views

Exploit for Use of Incorrectly-Resolved Name or Reference in Apache Tomcat

CVE-2025-24813 - Apache Tomcat Partial PUT + Deserialization R...

10CVSS8.3AI score0.99945EPSS
Exploits47
Cvelist
Cvelist
added 2026/06/09 4:10 p.m.37 views

CVE-2026-49956 Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS0.00272EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 4:10 p.m.27 views

CVE-2026-49956

CVE-2026-49956 affects the Hermes WebUI prior to version 0.51.269. The root cause is a profile isolation bypass: an authenticated user can query the sessions search endpoint without active-profile filtering, exposing data from other profiles (session titles and transcript message content). This i...

7.1CVSS5.5AI score0.00272EPSS
Exploits0References5
OSV
OSV
added 2026/06/09 4:10 p.m.4 views

CVE-2026-49956 Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS6AI score0.00272EPSS
Exploits0References8
NVD
NVD
added 2026/06/09 5:16 a.m.12 views

CVE-2026-41838

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...

7.5CVSS0.00171EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 5:16 a.m.10 views

UBUNTU-CVE-2026-41838

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...

7.5CVSS5.4AI score0.00171EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 3:49 a.m.18 views

EUVD-2026-35325

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...

4.8CVSS5.4AI score0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 3:49 a.m.10 views

CVE-2026-41838 Spring Framework Predictable Session ID in WebSocket Module

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...

4.8CVSS5.4AI score0.00171EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/09 3:49 a.m.12 views

CVE-2026-41838

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...

7.5CVSS5.4AI score0.00171EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.23 views

PT-2026-47649

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description WebSocket session IDs in the spring-websocke...

7.5CVSS5.2AI score0.00171EPSS
Exploits0References9
Rows per page
Query Builder