1471 matches found
CVE-2026-44383
CVE-2026-44383 concerns Hydro-Québec Le Circuit Electrique charging station backend with insufficient session expiration. The issue allows multiple connections using the same charging station ID, enabling attackers to deploy multiple OCPP clients to overwhelm the backend, impacting availability (...
CVE-2026-28564
Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...
CVE-2026-28564
Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...
EUVD-2026-42832
Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...
CVE-2026-28564
The CVE-2026-28564 issue affects Apache IoTDB prior to 2.0.10. It is described as an authentication bypass caused by insufficient session expiration, enabling capture–replay against REST Basic Authentication. Affected versions are 1.0.0 up to, but not including, 2.0.10. The practical impact is hi...
CVE-2026-46455
Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...
CVE-2026-14725
A vulnerability was identified in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality. Such manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit is publicly available and might be used...
CVE-2026-14725
Technical details about CVE-2026-14725 are not publicly available in the provided documents. No information on affected components, root cause, or remediation is included here. Monitor for updates and official advisories.
EUVD-2026-41737
A vulnerability was identified in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality. Such manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit is publicly available and might be used...
PT-2026-55777
Name of the Vulnerable Software and Affected Versions SourceCodester Online Boat Reservation System version 1.0 Description An issue exists in an unknown functionality that allows a remote attacker to cause session expiration. Recommendations At the moment, there is no information about a newer...
CVE-2025-36359
CVE-2025-36359 affects IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2. The root cause is that session IDs are not invalidated after expiration, enabling an authenticated user to impersonate another user on the system. The IBM security bulletin confirms a CVSS v3.1 base score of 8.1 (HIGH) ...
CVE-2025-36359 IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability.
IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system...
CVE-2026-12772
A flaw was found in BerriAI litellm. A remote attacker could exploit a vulnerability in the authenticateuser function within the PROXYADMIN database API Key Generator component. By performing a specific manipulation, an attacker can cause session expiration for users, leading to a denial of servi...
Security Bulletin: IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability. [CVE-2025-36359]
Summary IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability, which could allow an attacker to continue accessing protected resources using expired authentication tokens. Vulnerability Details CVEID:CVE-2025-36359 DESCRIPTION: IBM DevOps Loop does not invalidate...
Insufficient Session Expiration
Overview @actual-app/sync-server is an actual syncing server Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of user status verification in the validateSession process. An attacker can maintain unauthorized access to server endpoints and sensiti...
CVE-2026-12796
A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...
CVE-2026-12796
Affected software/impact: BerriAI litellm (up to version 1.82.2), specifically the get_redirect_response_from_openid function in litellm/proxy/management_endpoints/ui_sso.py of the SSO Authentication Flow. Root cause / vulnerability detail: The description states that manipulation leads to sessio...
CVE-2026-12796
A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...
EUVD-2026-38155
A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...
CVE-2026-12796 BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration
A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...