Lucene search
+L

1476 matches found

CVE
CVE
added 2026/06/05 7:18 p.m.30 views

CVE-2026-46401

HAX CMS (PHP/Node.js backends) has an improper session termination vulnerability affecting versions prior to 26.0.0, where authentication tokens remain valid after logout. This allows attackers who obtain valid tokens to maintain persistent access to authenticated CMS functionality, bypassing log...

5.3CVSS5.5AI score0.00311EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/05 4:43 p.m.10 views

Insufficient Session Expiration

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to revoke OAuth tokens in the revokeAllOAuthTokensByUser process after password change, reset, or recovery. An attacker can maintain unauthorized access by continuing...

6.3CVSS5.4AI score0.00295EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 6:30 p.m.4 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to enforce SAML assertion time bounds in the ParseSamlResponse process. An attacker can maintain unauthorized access or prolong a session by submitting SAML assertions with invalid or...

8.7CVSS6AI score0.0033EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 4:10 a.m.7 views

Insufficient Session Expiration

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the startupTime reset during server restart when revokeRefreshToken=tr...

7.6CVSS5.4AI score0.00305EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 2:16 p.m.12 views

CVE-2026-8670

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs aka Session Replay. This issue affects Avantra: before 25.3.1...

9.6CVSS0.00216EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 1:12 p.m.8 views

CVE-2026-8670

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs aka Session Replay. This issue affects Avantra: before 25.3.1...

9.6CVSS5.8AI score0.00216EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/22 1:12 p.m.13 views

EUVD-2026-31435

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs aka Session Replay. This issue affects Avantra: before 25.3.1...

9.6CVSS5.8AI score0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.16 views

PT-2026-42761

Name of the Vulnerable Software and Affected Versions Avantra versions prior to 25.3.1 Description Insufficient session expiration in syslink software AG Avantra on Linux and Windows allows for the reuse of session IDs, a technique known as Session Replay, where an attacker captures and reuse a...

9.6CVSS5.8AI score0.00216EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Avantra 安全漏洞

Avantra is a SAP software developed by the Avantra company. Versions of Avantra prior to 25.3.1 contained security vulnerabilities; these vulnerabilities were due to insufficient session expiration time, which could lead to session reuse...

9.6CVSS5.8AI score0.00216EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/21 8:39 p.m.27 views

Insufficient Session Expiration

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Insufficient Session Expiration through the ApiToken delete path in the token management code. An attacker can keep using a deleted API token by deleting it while the cache entry remains keyed under the token value,...

6.3CVSS5.8AI score0.00197EPSS
Exploits0References2
NVD
NVD
added 2026/05/21 3:16 p.m.13 views

CVE-2026-1815

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

5.7CVSS0.00178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 1:56 p.m.10 views

CVE-2026-1815 Session Hijacking in TEİAŞ's Mobile Application

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

5.7CVSS5.8AI score0.00178EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 1:56 p.m.23 views

CVE-2026-1815

TEİAŞ Mobile Application is affected by an Insufficient session expiration vulnerability (CVE-2026-1815) that enables session hijacking. Affected versions are 1.6.2 up to

5.7CVSS5.8AI score0.00178EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 1:56 p.m.17 views

CVE-2026-1815

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

5.7CVSS5.8AI score0.00178EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

TEİAŞ Mobile Application 代码问题漏洞

TEİAŞ Mobile Application is a mobile application developed by the Turkish company TEİAŞ, which provides information and services related to power transmission operations. Versions of the TEİAŞ Mobile Application from 1.6.2 to 1.13 had code vulnerabilities. These vulnerabilities were caused by...

5.7CVSS5.9AI score0.00178EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.25 views

PT-2026-42474

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

5.7CVSS5.8AI score0.00178EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/13 8:2 p.m.13 views

Insufficient Session Expiration

Overview @strapi/admin is a Strapi Admin Affected versions of this package are vulnerable to Insufficient Session Expiration in the password reset or change operation. An attacker can maintain unauthorized access by continuing to use a previously obtained refresh token to generate new access...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/13 8:2 p.m.27 views

Insufficient Session Expiration

Overview @strapi/plugin-users-permissions is a headless CMS Affected versions of this package are vulnerable to Insufficient Session Expiration in the password reset or change operation. An attacker can maintain unauthorized access by continuing to use a previously obtained refresh token to...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 10:23 p.m.12 views

Insufficient Session Expiration

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to invalidate existing sessions after a password change. An attacker can maintain unauthorized access to an account by reusing a previously...

8.3CVSS5.8AI score0.00394EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/12 9:31 p.m.9 views

EUVD-2026-29822

A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References2
Rows per page
Query Builder