Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
session vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-23558
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
NA
CVE-2024-29837
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated malicious user to access administrator functionality if any other user is already signed in.
NA
CVE-2024-29022
Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request headers are not correctly sanitised when stored in the session and display tables. These headers can be used to inject a mal...
NA
CVE-2024-29023
Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session. U...
NA
CVE-2024-22358
IBM UrbanCode Deploy (UCD) 7.0 up to and including 7.0.5.20, 7.1 up to and including 7.1.2.16, 7.2 up to and including 7.2.3.9, 7.3 up to and including 7.3.2.4 and IBM DevOps Deploy 8.0 up to and including 8.0.0.1 does not invalidate session after logout which could allow an auth...
NA
CVE-2024-0157
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.
NA
CVE-2024-22359
IBM UrbanCode Deploy (UCD) 7.0 up to and including 7.0.5.20, 7.1 up to and including 7.1.2.16, 7.2 up to and including 7.2.3.9, 7.3 up to and including 7.3.2.4 and IBM DevOps Deploy 8.0 up to and including 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows ...
NA
CVE-2024-21598
An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated malicious user to cause a Denial of Service (DoS). If a BGP update is received ove...
7.5
CVSSv3
CVE-2024-30395
An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based malicious user to cause Denial of Service (DoS). If a BGP update is received over an established BGP session ...
NA
CVE-2023-47714
IBM Sterling File Gateway 6.0.0.0 up to and including 6.0.3.9, 6.1.0.0 up to and including 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potenti...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »