2 matches found
CVE-2026-24352
PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...
CVE-2026-24352
creationtimestamp| type| source ---|---|--- 2026-02-27 10:55:00+00:00| seen| https://cert.pl/en/posts/2026/02/CVE-2026-24350/ 2026-02-27 14:13:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mftvfl364l2v 2026-02-28 08:00:32+00:00| seen|...