Lucene search
+L

10 matches found

attackerkb
attackerkb
added 2026/06/25 3:45 p.m.7 views

CVE-2026-54040

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS6AI score0.0015EPSS
Exploits1References2Affected Software1
osv
osv
added 2026/06/25 3:45 p.m.3 views

CVE-2026-54040 LibreChat: 2FA Backup Code Regeneration Without OTP Verification Allows 2FA Bypass

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS6.1AI score0.0015EPSS
Exploits1References3
nessus
nessus
added 2026/04/26 12:0 a.m.5 views

Fedora 45 : live555 / vlc (2026-56c8fe41c8)

The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-56c8fe41c8 advisory. Latest upstream release. Adds protection against the use of a 'stolen' authenticated RTSP session id to send RTSP server's PLAY, PAUSE, TEARDOWN, and...

5.5AI score
Exploits0References1
ptsecurity
ptsecurity
added 2026/03/05 12:0 a.m.11 views

PT-2026-23614

Name of the Vulnerable Software and Affected Versions OliveTin versions prior to 3000.11.1 Description OliveTin does not properly invalidate server-side sessions upon user logout. Although the browser cookie is cleared during logout, the corresponding session remains valid in server storage until...

9.9CVSS5.8AI score0.22162EPSS
Exploits70References138
cvelist
cvelist
added 2023/09/13 12:29 p.m.29 views

CVE-2023-36638

An improper privilege management vulnerability CWE-269 in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may...

4.3CVSS4.9AI score0.00341EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/09/13 12:0 a.m.7 views

Fortinet FortiManager Security Vulnerability

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices and the ability to group devices into different administrative domains ADOMs to further simplify multi-device security deployme...

4.3CVSS6.8AI score0.00341EPSS
Exploits0References3
osv
osv
added 2017/05/27 12:29 a.m.5 views

CVE-2017-7337

An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion...

9.1CVSS5.8AI score0.01062EPSS
Exploits0References1
prion
prion
added 2017/05/27 12:29 a.m.19 views

Improper access control

An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion...

6.4CVSS9AI score0.01062EPSS
Exploits0References1Affected Software1
thn
thn
added 2011/08/29 9:41 a.m.10 views

Hacking a Facebook Account using Facebook

Hacking a Facebook Account using Facebook Many of us know that phishing is also a trick to hack a facebook and session hijicking but hacker can do both at a same time. This vulnerability was happened on Facebook static FBML .Example here . Here you can get that Facebook FBML script : What user wi...

6.7AI score
Exploits0
tomcat
tomcat
added 2008/01/21 12:0 a.m.48 views

Fixed in Apache Tomcat 5.5.21

Moderate: Session hi-jacking CVE-2008-0128 When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is transmitted without the "secure" attribute, resulting in it being transmitted to any content that is - by purpose or error - requested via http from the same server. Affects:...

5CVSS7.5AI score0.19622EPSS
Exploits2Affected Software1
Rows per page
Query Builder