24 matches found

Snyk
added 2026/06/21 2:39 a.m. · 6 views

Insufficient Session Expiration

Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Insufficient Session Expiration in the authenticateuser function. An attacker can gain unauthorized access or maintain access to sensitive information by exploiting session...

7.1 CVSS · 6.6 AI score · 0.00262 EPSS
Exploits 1 · References 2

Cvelist
added 2026/05/21 1:56 p.m. · 41 views

CVE-2026-1815 Session Hijacking in TEİAŞ's Mobile Application

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

5.7 CVSS · 0.00178 EPSS
Exploits 0 · References 1

EUVD
added 2026/05/21 1:56 p.m. · 13 views

EUVD-2026-31289

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

5.7 CVSS · 5.8 AI score · 0.00178 EPSS
Exploits 0 · References 1

OSV
added 2026/05/20 7:7 p.m. · 9 views

GO-2026-4991 Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change in github.com/daptin/daptin

Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change in github.com/daptin/daptin...

5.8 AI score
Exploits 0 · References 1

Positive Technologies
added 2026/05/20 12:0 a.m. · 14 views

PT-2026-42376

Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change in github.com/daptin/daptin...

5.8 AI score
Exploits 0 · References 2

Vulnrichment
added 2026/02/24 6:41 p.m. · 4 views

CVE-2026-26342 Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to...

8.7 CVSS · 5.5 AI score · 0.00716 EPSS
Exploits 3 · References 3

OSV
added 2025/06/17 3:15 p.m. · 4 views

CVE-2025-4754

Insufficient Session Expiration vulnerability in ash-project ashauthenticationphoenix allows Session Hijacking. This vulnerability is associated with program files lib/ashauthenticationphoenix/controller.ex. This issue affects ashauthenticationphoenix until 2.10.0...

2.3 CVSS · 6.2 AI score · 0.00402 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/05/23 2:50 a.m. · 6 views

CVE-2023-0041

IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657...

8.8 CVSS · 8.3 AI score · 0.00455 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2025/04/09 2:15 p.m. · 4 views

CVE-2025-1968

Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks). This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231,...

7.7 CVSS · 5.8 AI score · 0.00284 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2025/01/07 12:0 a.m. · 3 views

PT-2025-1672 · Progress · Sitefinity

Name of the Vulnerable Software and Affected Versions: Progress Sitefinity versions 4.0 through 14.4.8142; Progress Sitefinity versions 15.0.8200 through 15.0.8229; Progress Sitefinity versions 15.1.8300 through 15.1.8327; Progress Sitefinity versions 15.2.8400 through 15.2.8421. Description: The iss...

8.4 CVSS · 6.5 AI score · 0.00344 EPSS
Exploits 0 · References 6

CNNVD
added 2024/03/05 12:0 a.m. · 4 views

AiLux imx6 Security Vulnerability

AiLux imx6 is a computing module from AiLux. A security vulnerability exists in versions prior to AiLux imx6 bundle imx61.0.7-2, which stems from insufficient session expiration and allows an attacker to conduct a session hijacking attack...

9.8 CVSS · 6.7 AI score · 0.00373 EPSS
Exploits 0 · References 2

Prion
added 2023/11/01 1:15 a.m. · 29 views

Session fixation

Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16...

4 CVSS · 6.8 AI score · 0.0044 EPSS
Exploits 1 · References 2 · Affected Software 1

Prion
added 2023/10/31 11:15 p.m. · 13 views

Session fixation

Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out...

5 CVSS · 5.3 AI score · 0.00402 EPSS
Exploits 1 · References 1 · Affected Software 1

Prion
added 2023/07/11 5:15 p.m. · 22 views

Design/Logic Flaw

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API...

7.5 CVSS · 9.5 AI score · 0.0043 EPSS
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/06/05 1:15 a.m. · 26 views

Session fixation

IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657...

6.5 CVSS · 8.2 AI score · 0.00455 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2023/06/05 12:53 a.m. · 71 views

CVE-2023-0041

IBM Security Guardium 11.5 is affected by CVE-2023-0041, where insufficient session expiration could allow a user to take over another user’s session. Connected sources also indicate Guardium 11.3/11.4/11.5 were affected; remediation is available via IBM FixCentral (links shown in sources), thoug...

8.8 CVSS · 7.1 AI score · 0.00455 EPSS
Exploits 0 · References 2 · Affected Software 1

Veracode
added 2022/11/23 3:11 a.m. · 15 views

Insufficient Session Expiration

librenms/librenms uses insecure session management. The vulnerability exists due to a lack of user session validation, which allows an attacker to bypass authentication...

9.8 CVSS · 9 AI score · 0.00598 EPSS
Exploits 0 · References 6 · Affected Software 1

Prion
added 2022/11/20 5:15 a.m. · 14 views

Session fixation

Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0...

7.5 CVSS · 9.5 AI score · 0.00598 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2022/10/24 12:0 a.m. · 6 views

CVE-2021-46279 Session Fixation and Insufficient Session Expiration

Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

5.8 CVSS · 8.8 AI score · 0.00399 EPSS
Exploits 0 · References 2

Cvelist
added 2021/11/04 3:40 p.m. · 23 views

CVE-2021-34739 Cisco Small Business Series Switches Session Credentials Replay Vulnerability

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This...

8.1 CVSS · 8.3 AI score · 0.01617 EPSS
Exploits 0 · References 1