Lucene search
+L

22 matches found

RedhatCVE
RedhatCVE
added 2026/05/07 2:20 p.m.10 views

CVE-2026-40010

Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...

9.1CVSS5.8AI score0.00379EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.15 views

PT-2026-37375

Name of the Vulnerable Software and Affected Versions Apache Wicket versions 8.0.0 through 8.17.0 Apache Wicket version 9.0.0 Apache Wicket versions 10.0.0 through 10.8.0 Description A session fixation attack is possible due to the missing invocation of the Servlet http web request method...

9.1CVSS5.8AI score0.00379EPSS
Exploits0References9
CVE
CVE
added 2026/04/01 8:54 p.m.16 views

CVE-2026-4820

CVE-2026-4820 affects IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10, where authorization tokens or session cookies are not marked with the Secure attribute. This can allow an unauthenticated attacker to steal cookie values by directing users to an http link and monitoring traffic, enablin...

4.3CVSS5.8AI score0.00118EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/01 8:54 p.m.3 views

CVE-2026-4820 IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not set with secure flag

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

4.3CVSS5.8AI score0.00118EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.8 views

HPE AOS 安全漏洞

HPE AOS is an operating system from HPE Corporation in the United States. A security vulnerability exists in HPE AOS 10 and HPE AOS 8 that stems from an arbitrary file write vulnerability in the web-based management interface that could lead to the execution of arbitrary commands...

7.2CVSS6AI score0.00476EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.4 views

HPE AOS 安全漏洞

HPE AOS is an operating system from HPE Corporation in the United States. A security vulnerability exists in HPE AOS versions 10 and 8, which stems from an arbitrary file upload vulnerability in the web-based management interface that could lead to the execution of arbitrary commands...

7.2CVSS6AI score0.0043EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/07 12:0 a.m.3 views

IBM Maximo Application Suite 加密问题漏洞

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines IBM. An encryption issue vulnerability exists in IBM Maximo Application Suite versions 8.10, 8.11, and 9.0,...

7.5CVSS6.6AI score0.00247EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/07/27 9:15 p.m.2 views

CVE-2022-36949

In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

9.3CVSS5.8AI score0.00186EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/07/27 9:15 p.m.4 views

CVE-2022-36948

In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

5.4CVSS5.8AI score0.00377EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/03/28 7:15 p.m.7 views

CVE-2022-0488

An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes...

4.3CVSS5.3AI score0.00682EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/05/11 3:15 p.m.4 views

CVE-2021-27614

SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application thereby highly impacting the...

7.1CVSS5.8AI score0.00256EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/02/04 12:0 a.m.9 views

LG Mobile Devices With Android OS Resource Management Error Vulnerability

LG mobile is a line of mobile device products from LG. LG Mobile devices Google Android OS 8.0, 8.1, 9.0, and 10 software suffer from a resource management error vulnerability that stems from the USB laf gadget having a use-after-free...

9.8CVSS7.3AI score0.00549EPSS
Exploits0References2
OSV
OSV
added 2020/12/14 8:15 p.m.7 views

CVE-2020-16102

Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to...

8.2CVSS5.8AI score0.01029EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/09 12:0 a.m.3 views

Google Android Framework elevation of privilege vulnerability (CNVD-2020-54072)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the Framework component of Google Android 8.0, 8.1, 9, and 10. An attacker can exploit this vulnerability to gain...

7.8CVSS7.4AI score0.00278EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/09 12:0 a.m.2 views

Google Android Framework Information Disclosure Vulnerability (CNVD-2020-54067)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An information disclosure vulnerability exists in the Framework component of Google Android 8.0, 8.1, 9, and 10. An attacker can exploit the vulnerability to obtain...

5.5CVSS6.2AI score0.00175EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/09 12:0 a.m.3 views

Google Android Framework Information Disclosure Vulnerability (CNVD-2020-54066)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An information disclosure vulnerability exists in the Framework component of Google Android 8.0, 8.1, 9, and 10. An attacker can exploit the vulnerability to obtain...

5.5CVSS6.2AI score0.00183EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/03/27 12:0 a.m.4 views

PT-2020-12447 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 8.10 through 12.9 Description: The issue is related to a Server-Side Request Forgery SSRF in the project import note feature. This allows an attacker to forge requests from the server, potentially leading to unauthorized acces...

9.8CVSS9AI score0.01448EPSS
Exploits0References10
OSV
OSV
added 2020/03/10 8:15 p.m.6 views

CVE-2020-0039

In rwi93smupdatendef of rwi93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0...

7.5CVSS7.2AI score0.01145EPSS
Exploits0References1
CNVD
CNVD
added 2020/02/09 12:0 a.m.4 views

Google Android Framework elevation of privilege vulnerability (CNVD-2020-07202)

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An elevation of privilege vulnerability exists in the Framework component of Google Android 8.0, 8.1, 9, and 10. No details of the vulnerability are available at this tim...

5.5CVSS7.2AI score0.00964EPSS
Exploits0References1
CNVD
CNVD
added 2019/11/05 12:0 a.m.6 views

Google Android Media Framework elevation of privilege vulnerability (CNVD-2019-39696)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the Media framework component in Google Android 8.0, 8.1, 9, and 10. An attacker can exploit this vulnerability to...

7.8CVSS7.1AI score0.00173EPSS
Exploits0References1
Rows per page
Query Builder