Lucene search
K

1471 matches found

CVE
CVE
added 3 days ago7 views

CVE-2026-44383

CVE-2026-44383 concerns Hydro-Québec Le Circuit Electrique charging station backend with insufficient session expiration. The issue allows multiple connections using the same charging station ID, enabling attackers to deploy multiple OCPP clients to overwhelm the backend, impacting availability (...

8.7CVSS6.1AI score0.00563EPSS
Exploits0References3
NVD
NVD
added 3 days ago5 views

CVE-2026-28564

Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...

9.8CVSS0.00367EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-28564

Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...

9.8CVSS6.1AI score0.00367EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42832

Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...

9.8CVSS6.1AI score0.00367EPSS
Exploits0References1
CVE
CVE
added 3 days ago11 views

CVE-2026-28564

The CVE-2026-28564 issue affects Apache IoTDB prior to 2.0.10. It is described as an authentication bypass caused by insufficient session expiration, enabling capture–replay against REST Basic Authentication. Affected versions are 1.0.0 up to, but not including, 2.0.10. The practical impact is hi...

9.8CVSS6.1AI score0.00367EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 9:16 a.m.8 views

CVE-2026-46455

Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...

9.8CVSS0.00411EPSS
Exploits0References2
NVD
NVD
added 2026/07/05 8:16 a.m.7 views

CVE-2026-14725

A vulnerability was identified in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality. Such manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.5CVSS0.00209EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 8:0 a.m.16 views

CVE-2026-14725

Technical details about CVE-2026-14725 are not publicly available in the provided documents. No information on affected components, root cause, or remediation is included here. Monitor for updates and official advisories.

6.5CVSS6.3AI score0.00209EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 8:0 a.m.9 views

EUVD-2026-41737

A vulnerability was identified in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality. Such manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.5CVSS6.3AI score0.00209EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.14 views

PT-2026-55777

Name of the Vulnerable Software and Affected Versions SourceCodester Online Boat Reservation System version 1.0 Description An issue exists in an unknown functionality that allows a remote attacker to cause session expiration. Recommendations At the moment, there is no information about a newer...

6.5CVSS6.7AI score0.00209EPSS
Exploits0References10
CVE
CVE
added 2026/06/30 8:11 p.m.17 views

CVE-2025-36359

CVE-2025-36359 affects IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2. The root cause is that session IDs are not invalidated after expiration, enabling an authenticated user to impersonate another user on the system. The IBM security bulletin confirms a CVSS v3.1 base score of 8.1 (HIGH) ...

8.1CVSS5.8AI score0.00189EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/06/30 8:11 p.m.33 views

CVE-2025-36359 IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability.

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system...

8.1CVSS0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/29 5:7 a.m.10 views

CVE-2026-12772

A flaw was found in BerriAI litellm. A remote attacker could exploit a vulnerability in the authenticateuser function within the PROXYADMIN database API Key Generator component. By performing a specific manipulation, an attacker can cause session expiration for users, leading to a denial of servi...

6.5CVSS6.5AI score0.00262EPSS
Exploits1References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 3:27 p.m.3 views

Security Bulletin: IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability. [CVE-2025-36359]

Summary IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability, which could allow an attacker to continue accessing protected resources using expired authentication tokens. Vulnerability Details CVEID:CVE-2025-36359 DESCRIPTION: IBM DevOps Loop does not invalidate...

8.1CVSS5.9AI score0.00189EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/06/22 11:19 p.m.6 views

Insufficient Session Expiration

Overview @actual-app/sync-server is an actual syncing server Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of user status verification in the validateSession process. An attacker can maintain unauthorized access to server endpoints and sensiti...

8.7CVSS5.8AI score0.00441EPSS
Exploits0References2
NVD
NVD
added 2026/06/21 10:16 a.m.14 views

CVE-2026-12796

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

6.5CVSS0.00358EPSS
Exploits1References5
CVE
CVE
added 2026/06/21 9:0 a.m.23 views

CVE-2026-12796

Affected software/impact: BerriAI litellm (up to version 1.82.2), specifically the get_redirect_response_from_openid function in litellm/proxy/management_endpoints/ui_sso.py of the SSO Authentication Flow. Root cause / vulnerability detail: The description states that manipulation leads to sessio...

6.5CVSS6.2AI score0.00358EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/21 9:0 a.m.3 views

CVE-2026-12796

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

6.5CVSS6.2AI score0.00358EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/06/21 9:0 a.m.8 views

EUVD-2026-38155

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

6.5CVSS6.2AI score0.00358EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/21 9:0 a.m.35 views

CVE-2026-12796 BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

6.5CVSS0.00358EPSS
Exploits1References5
Rows per page
Query Builder