CWE-488 vulnerabilities
29 results

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2024-38367 | HIGH | CocoaPods trunk sessions verification step could be manipulated for owner session hijacking | 11.0% |
| CVE-2024-6162 | HIGH | Undertow: url-encoded request path information can be broken on ajp-listener | 1.7% |
| CVE-2025-1247 | HIGH | Io.quarkus:quarkus-rest: quarkus rest endpoint request parameter leakage due to shared instance | 0.7% |
| CVE-2024-27935 | HIGH | Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination | 0.7% |
| CVE-2024-27455 | CRITICAL | In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts | 0.6% |
| CVE-2024-5148 | HIGH | Gnome-remote-desktop: inadequate validation of session agents using d-bus methods may expose rdp tls certificate | 0.6% |
| CVE-2023-6519 | HIGH | Seeing admin password hash value in Mia Technology's Mia-Med | 0.5% |
| CVE-2024-1223 | MEDIUM | Improper authorization controls in PaperCut NG/MF | 0.4% |
| CVE-2023-1907 | HIGH | Pgadmin: users authenticated simultaneously via ldap may be attached to the wrong session | 0.4% |
| CVE-2024-41977 | HIGH | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM | 0.4% |
| CVE-2025-47928 | CRITICAL | Spotipy repo vulnerable to secrets exfiltration via `pull_request_target` | 0.4% |
| CVE-2024-11094 | MEDIUM | 404 Solution <= 2.35.17 - Missing Authentication to Sensitive Information Exposure | 0.4% |
| CVE-2024-7049 | MEDIUM | Exposure of Token in open-webui/open-webui | 0.3% |
| CVE-2024-8314 | MEDIUM | Improper session handling in B&R APROL | 0.3% |
| CVE-2025-30073 | HIGH | An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. The reference assigned to transactions can be reused. When completing a | 0.3% |
| CVE-2026-23646 | MEDIUM | OpenProject users can delete other user's session, causing them to be logged out | 0.3% |
| CVE-2026-46416 | MEDIUM | Microsoft UFO shared WebSocket handler state causes cross-client response hijacking | 0.3% |
| CVE-2026-33215 | MEDIUM | NATS is vulnerable to MQTT hijacking via Client ID | 0.2% |
| CVE-2022-40210 | MEDIUM | Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enab | 0.2% |
| CVE-2025-24934 | MEDIUM | SO_REUSEPORT_LB breaks connect(2) for UDP sockets | 0.2% |