24 matches found
Insufficient Session Expiration
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Insufficient Session Expiration in the authenticateuser function. An attacker can gain unauthorized access or maintain access to sensitive information by exploiting session...
CVE-2026-1815 Session Hijacking in TEİAŞ's Mobile Application
Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...
EUVD-2026-31289
Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...
GO-2026-4991 Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change in github.com/daptin/daptin
Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change in github.com/daptin/daptin...
PT-2026-42376
Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change in github.com/daptin/daptin...
CVE-2026-26342 Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...
CVE-2025-4754
Insufficient Session Expiration vulnerability in ash-project ashauthenticationphoenix allows Session Hijacking. This vulnerability is associated with program files lib/ashauthenticationphoenix/controller.ex. This issue affects ashauthenticationphoenix until 2.10.0...
CVE-2023-0041
IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657...
CVE-2025-1968
Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs Session Replay Attacks.This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231,...
PT-2025-1672 · Progress · Sitefinity
Name of the Vulnerable Software and Affected Versions: Progress Sitefinity versions 4.0 through 14.4.8142 Progress Sitefinity versions 15.0.8200 through 15.0.8229 Progress Sitefinity versions 15.1.8300 through 15.1.8327 Progress Sitefinity versions 15.2.8400 through 15.2.8421 Description: The iss...
AiLux imx6 Security Vulnerability
AiLux imx6 is a computing module from AiLux. A security vulnerability exists in versions prior to AiLux imx6 bundle imx61.0.7-2, which stems from insufficient session expiration and allows an attacker to conduct a session hijacking attack...
Session fixation
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
Session fixation
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out...
Design/Logic Flaw
An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API...
Session fixation
IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657...
CVE-2023-0041
IBM Security Guardium 11.5 is affected by CVE-2023-0041, where insufficient session expiration could allow a user to take over another user’s session. Connected sources also indicate Guardium 11.3/11.4/11.5 were affected; remediation is available via IBM FixCentral (links shown in sources), thoug...
Insufficient Session Expiration
librenms/librenms uses insecure session management. The vulnerability exists due to lack of validate user session user session authentication allows a attacker to bypass authentication...
Session fixation
Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0...
CVE-2021-46279 Session Fixation and Insufficient Session Expiration
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
CVE-2021-34739 Cisco Small Business Series Switches Session Credentials Replay Vulnerability
A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This...