4168 matches found
CVE-2026-39581
CVE-2026-39581 documents a SQL Injection in the WordPress plugin WP Sessions Time Monitoring Full Automatic for versions
[SECURITY] Fedora 44 Update: perl-Mojo-JWT-1.02-1.fc44
JSON Web Token is described in https://tools.ietf.org/html/rfc7519. Mojo::JWT implements that standard with an API that should feel familiar to Mojolicious users though of course it is useful elsewhere. Indeed, JWT is much like Mojolicious::Sessions except that the result is a URL-safe text strin...
EUVD-2026-36614
OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context ...
CVE-2026-53826 OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn
OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context ...
Spring Framework 5.3.x < 5.3.49 / 6.1.x < 6.1.28 / 6.2.x < 6.2.18.1 / 7.0.x < 7.0.7.1 Multiple Vulnerabilities
The version of Spring Framework installed on the remote host is 5.3.x prior to 5.3.49, 6.1.x prior to 6.1.28, 6.2.x prior to 6.2.18.1, or 7.0.x prior to 7.0.7.1. It is, therefore, affected by multiple vulnerabilities: - IDs for WebSocket sessions in the spring-websocket module are not...
CVE-2026-45173
The CVE concerns Idira Identity Browser Extension for Chrome, Firefox, and Edge, with versions prior to 26.8.1. A flaw in origin validation within internal web-page verification routines could allow a remote attacker to trigger unauthorized application interaction or execution parameters within a...
Malicious code in telegramlite (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce1afd32bb4808a41c70c2b9e7d38d36de85eef1ada8d8ae615f5df1a6f88a5c No install-time, import-time, or runtime behaviors of concern were observed in this version. The package name suggests a lightweight Telegram client...
MAL-2026-5531 Malicious code in telegramlite (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce1afd32bb4808a41c70c2b9e7d38d36de85eef1ada8d8ae615f5df1a6f88a5c No install-time, import-time, or runtime behaviors of concern were observed in this version. The package name suggests a lightweight Telegram client...
Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory
A flaw was found in Spring Boot. A local attacker on the same host as the application may be able to take control of the ApplicationTemp directory due to predictable temporary directory handling. When the server.servlet.session.persistent setting is enabled and the attack persists across...
Exploit for Improper Input Validation in Drupal
drupalgeddon2-cli A command-line rewrite of the Drupalged...
Exploit for Use of Incorrectly-Resolved Name or Reference in Apache Tomcat
CVE-2025-24813 - Apache Tomcat Partial PUT + Deserialization R...
CVE-2026-49956 Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search
Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...
CVE-2026-49956
CVE-2026-49956 affects the Hermes WebUI prior to version 0.51.269. The root cause is a profile isolation bypass: an authenticated user can query the sessions search endpoint without active-profile filtering, exposing data from other profiles (session titles and transcript message content). This i...
CVE-2026-49956 Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search
Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...
CVE-2026-41838
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...
UBUNTU-CVE-2026-41838
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...
EUVD-2026-35325
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...
CVE-2026-41838 Spring Framework Predictable Session ID in WebSocket Module
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...
CVE-2026-41838
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...
PT-2026-47649
Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description WebSocket session IDs in the spring-websocke...