170 matches found
CVE-2025-3319
IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources...
The vulnerability of the web interfaces of IBM OpenPages and IBM OpenPages with Watson allows a hacker to intercept user sessions.
The vulnerability of the IBM OpenPages and IBM OpenPages with Watson web interfaces relates to improper session management. Exploiting this vulnerability can allow a malicious actor to intercept a user’s session...
CVE-2018-11714
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of...
Siemens SIMATIC PCS neo 代码问题漏洞
Siemens SIMATIC PCS neo is a distributed control system from Siemens, Germany. A code issue vulnerability exists in Siemens SIMATIC PCS neo that originates from a user logging off and not properly disabling the session, which could lead to session reuse...
PHPGurukul Hostel Management System 安全漏洞
Hostel Management System is a hostel management system. Hostel Management System has a session hijacking vulnerability that stems from improper handling of session data in the file /hostel/change-password.php, no details of the vulnerability are available at this time...
The vulnerability of the SAML (Security Assertion Markup Language) technology in the PAN-OS operating system allows a perpetrator to increase their privileges.
The vulnerability of the SAML Security Assertion Markup Language technology in the PAN-OS operating system is related to improper session management. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
Denkovi DAEnetIP4 METO 安全漏洞
Denkovi DAEnetIP4 METO is a multifunctional 10/100 Mb Ethernet device IP controller from Denkovi for management and control. A security vulnerability exists in Denkovi DAEnetIP4 METO version 1.25, which stems from improper session management in the /loginok.htm endpoint, and could lead to a sessi...
CVE-2025-28059
CVE-2025-28059 affects Nagios Network Analyzer 2024R1.0.3. Root cause: improper session invalidation and stale token handling after user deletion, causing active sessions and API tokens to remain valid and grant access to restricted functions. Impact: unauthorized access to system resources. Expl...
The vulnerability of the Service Layer component of the SAP Business One resource management system allows a malicious actor to enhance their privileges and gain access to read, modify, and/or add data.
The vulnerability of the Service Layer component of the SAP Business One resource management system is related to improper session management. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and gain access to read, modify, and/or add data...
ZOHO ManageEngine ADSelfService Plus 授权问题漏洞
ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus 6510 and prior versions that stems from improper session...
CVE-2025-24502
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address...
The vulnerability of the TFA two-factor authentication module in Drupal CMS systems allows a hacker to intercept the user’s session.
The vulnerability of the Two-factor Authentication TFA module in Drupal CMS systems is related to improper session management. Exploiting this vulnerability could allow a malicious actor to intercept a user’s session...
The vulnerability of the TFA two-factor authentication module in Drupal CMS systems allows a hacker to intercept the user’s session.
The vulnerability of the Two-factor Authentication TFA module in Drupal CMS systems is related to improper session management. Exploiting this vulnerability could allow a malicious actor to intercept a user’s session...
PT-2025-5374 · Broadcom · Symantec Privileged Access Management
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP addres...
Session Fixation
NiceGUI is vulnerable to Session Fixation. The vulnerability is due to improper session handling, where authenticating with NiceGUI logged in the user across all browsers, including those in incognito mode...
Improper Session Termination
umbraco.cms is vulnerable to Improper Session Termination. The vulnerability is due to the server session not being fully terminated during an explicit sign-out, which could allow unauthorized access...
Session Fixation
Keycloak is vulnerable to session fixation. The vulnerability is due to improper session management, as the session ID and JSESSIONID cookie are not updated upon login, allowing attackers to hijack a session before authentication and trigger session fixation...
Insufficient Session Expiration
apacheairflowprovidersfab is vulnerable to Insufficient Session Expiration. The vulnerability is due to improper session management, which fails to terminate user sessions upon logout and allowing attackers to continue accessing a user’s session or account...
Insecure Authentication
magento/community-edition is vulnerable to Insecure authentication. The vulnerability is due to improper session handling that allows an unauthenticated user to append arbitrary session IDs which will not be invalidated by subsequent authentication, allowing attackers to hijack or manipulate user...
The vulnerability of the QNAP TS-X41 network storage device, related to improper session management, allows a hacker to intercept the user’s session.
The vulnerability of the QNAP TS-X41 network storage device is related to improper session management. Exploiting this vulnerability could allow a malicious actor to intercept a user’s session...