
34 matches found

GithubExploit
added 2026/04/30 2:32 p.m. | 82 views

Exploit for CVE-2026-41940

SessionScribe - CVE-2026-41940 Detection, mitigation, and rev...

CVSS 9.8 | AI score 7.1 | EPSS 0.90762
Exploits: 59

CVE
added 2026/04/14 12:6 a.m. | 7 views

CVE-2026-24318

The CVE concerns SAP Business Objects BI Platform. An insecure session management flaw could allow an unauthenticated attacker to obtain valid session tokens and reuse them to access or modify data within a victim’s session scope, impacting confidentiality and integrity (availability unchanged). ...

CVSS 4.2 | AI score 5.8 | EPSS 0.0007
Exploits: 0 | References: 2

Github Security Blog
added 2026/03/17 7:52 p.m. | 3 views

AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS

Summary: /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials: true, enabling cross-origin session theft and full account...

CVSS 8.1 | AI score 5.9 | EPSS 0.0002
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2026/03/09 9:16 p.m. | 1 view

CVE-2025-70973

ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result, a session created prior to login becomes authenticated once the victim logs i...

CVSS 4.8 | EPSS 0.00074
Exploits: 1 | References: 1

Vulnrichment
added 2026/03/09 12:0 a.m. | 2 views

CVE-2025-70973

ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result, a session created prior to login becomes authenticated once the victim logs i...

AI score 5.8 | EPSS 0.00074
Exploits: 1 | References: 1

Vulnrichment
added 2026/03/06 3:4 a.m. | 2 views

CVE-2026-29093 WWBN AVideo: Unauthenticated PHP session store exposed to host network via published memcached port

WWBN AVideo is an open source video platform. Prior to version 24.0, the official docker-compose.yml publishes the memcached service on host port 11211 (0.0.0.0:11211) with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who...

CVSS 8.1 | AI score 5.7 | EPSS 0.00044
Exploits: 1 | References: 2

GithubExploit
added 2026/01/19 9:20 p.m. | 297 views

Exploit for CVE-2026-22812

CVE-2026-22812 Overview A Python exploitation tool for Ope...

CVSS 8.8 | AI score 6.1 | EPSS 0.05324
Exploits: 7

VulnCheck KEV
added 2025/12/15 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2025-9316

N-central 2025.4 can generate sessionIDs for unauthenticated users. This issue affects N-central: before 2025.4...

CVSS 6.9 | AI score 5.8 | EPSS 0.71424
In wild | Exploits: 2 | References: 24

Metasploit
added 2025/12/12 6:56 p.m. | 310 views

N-able N-Central Authentication Bypass and XXE Scanner

This module scans for vulnerable N-able N-Central instances affected by CVE-2025-9316 Unauthenticated Session Bypass and CVE-2025-11700 XXE. The module attempts to exploit CVE-2025-9316 by sending a sessionHello SOAP request to the ServerMMS endpoint with various appliance IDs to obtain an...

CVSS 6.9 | AI score 7.5 | EPSS 0.71424
Exploits: 2

CVE
added 2025/11/12 3:27 p.m. | 16 views

CVE-2025-9316

CVE-2025-9316 affects N-able N-Central versions before 2025.4, enabling unauthenticated sessionID generation and potential session hijack. A nuclei template and advisories describe it as an authentication bypass; mitigations cite updating to 2025.4 or later. Some sources also reference combining ...

CVSS 6.9 | AI score 6.7 | EPSS 0.71424
In wild | Exploits: 2 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-3404

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00547
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-32074

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00154
Exploits: 0 | References: 1

GithubExploit
added 2025/08/29 3:5 a.m. | 174 views

Exploit for Unprotected Alternate Channel in Crushftp

CrushFTP AS2 Authentication Bypass – CVE-2025-54309 Aut...

CVSS 9.8 | AI score 7.4 | EPSS 0.768
Exploits: 7

OSV
added 2025/06/24 8:10 p.m. | 3 views

CVE-2025-52572 Hikka vulnerable to RCE through dangling web interface

Hikka, a Telegram userbot, has a vulnerability that affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...

CVSS 10 | AI score 7.7 | EPSS 0.01373
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/23 9:26 a.m. | 5 views

CVE-2024-3488

File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow an attacker to upload a file without authentication...

CVSS 9.8 | AI score 7 | EPSS 0.00154
Exploits: 0 | References: 1

OSV
added 2024/12/11 5:48 p.m. | 7 views

CVE-2024-50339 GLPI vulnerable to unauthenticated session hijacking

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the session IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue...

CVSS 9.3 | AI score 4.7 | EPSS 0.19755
Exploits: 0 | References: 4

CNNVD
added 2024/11/18 12:0 a.m. | 1 view

AbsysNET security vulnerability

AbsysNET is an open source library online management system from Library Technology Guides. A security vulnerability exists in AbsysNet version 2.3.1, which stems from an insecure direct object reference that allows an attacker to obtain an unauthenticated user session by brute-force attacking th...

CVSS 7.5 | AI score 7.1 | EPSS 0.26682
Exploits: 1 | References: 1

CNNVD
added 2024/08/22 12:0 a.m. | 1 view

Mirai Botnet security vulnerability

Mirai Botnet is leaked Mirai source code from individual developer Jerry Gamblin. It is used for research purposes in order to develop IoT and more. A security vulnerability exists in Mirai Botnet version 2024-08-19 and prior versions, which stems from a mishandled simultaneous TCP connection to a...

CVSS 9.1 | AI score 7.1 | EPSS 0.00172
Exploits: 0 | References: 4

Vulnrichment
added 2024/05/15 4:47 p.m. | 14 views

CVE-2024-3488 File Upload vulnerability in unauthenticated session found in iManager.

File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow an attacker to upload a file without authentication...

CVSS 5.6 | AI score 6.9 | EPSS 0.00154
Exploits: 0 | References: 1

CVE
added 2024/05/15 4:47 p.m. | 29 views

CVE-2024-3488

CVE-2024-3488 concerns OpenText iManager 3.2.6.0200 with a file-upload vulnerability in an unauthenticated session. Multiple connected sources confirm that an attacker could upload a file without authentication, potentially affecting confidentiality, integrity, and availability of the system as r...

CVSS 9.8 | AI score 6.8 | EPSS 0.00154
Exploits: 0 | References: 1 | Affected Software: 1