Lucene search
K

216 matches found

CNNVD
CNNVD
added 2026/04/21 12:0 a.m.11 views

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability was due to improper session timeout settings, which could cause Web users with SAML configurations t...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.16 views

PT-2026-33977

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/15 7:19 p.m.10 views

Data Sharing Framework is Missing Session Timeout for OIDC Sessions

Affected Components DSF FHIR Server with enabled OIDC authentication. DSF BPE Server with enabled OIDC authentication. Summary OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. Impact If...

6.8CVSS5.8AI score0.00154EPSS
Exploits0References7Affected Software3
OSV
OSV
added 2026/04/15 7:19 p.m.4 views

GHSA-GJ7P-595X-QWF5 Data Sharing Framework is Missing Session Timeout for OIDC Sessions

Affected Components DSF FHIR Server with enabled OIDC authentication. DSF BPE Server with enabled OIDC authentication. Summary OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. Impact If...

6.8CVSS5.8AI score0.00154EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.4 views

PT-2026-33385

Name of the Vulnerable Software and Affected Versions Data Sharing Framework versions prior to 2.1.0 Description OIDC-authenticated sessions lack a configured maximum inactivity timeout, allowing sessions to persist indefinitely after login, even after the OIDC access token has expired. This allo...

6.8CVSS5.2AI score0.00154EPSS
Exploits0References10
NVD
NVD
added 2026/04/07 3:17 p.m.5 views

CVE-2026-5376

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

5.9CVSS0.00212EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/07 2:11 p.m.21 views

CVE-2026-5376 runZero Platform session timeout failure

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

5.9CVSS0.00212EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 2:11 p.m.8 views

CVE-2026-5376

The CVE-2026-5376 issue affects the runZero Platform where session inactivity timeouts could fail to trigger due to automatic page reloading. Root cause is CWE-613 (Insufficient Control of Resources After Expiration or Release). CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N, base score 5....

5.9CVSS5.8AI score0.00212EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:11 p.m.3 views

CVE-2026-5376

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

5.9CVSS5.8AI score0.00212EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/07 2:11 p.m.1 views

CVE-2026-5376 runZero Platform session timeout failure

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

5.9CVSS5.8AI score0.00212EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

runZero Platform 安全漏洞

RunZero Platform is an asset discovery and attack surface management platform developed by the US company RunZero. Versions of RunZero Platform prior to 4.0.260203.0 contained security vulnerabilities. These vulnerabilities were caused by resource expiration or insufficient control after resource...

5.9CVSS5.8AI score0.00212EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/25 6:28 p.m.6 views

EUVD-2026-8706

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in library/auth.inc.php runs only when skiptimeoutreset is not present in the request. When skiptimeoutreset=1 is sent, the entire block th...

7.5CVSS5.5AI score0.00312EPSS
Exploits1References2
CVE
CVE
added 2026/02/25 6:28 p.m.14 views

CVE-2026-25476

OpenEMR prior to version 8.0.0 is affected by a session timeout bypass vulnerability in library/auth.inc.php. When skip_timeout_reset=1 is present in a request, the code block that calls SessionTracker::isSessionExpired() and enforces logout on timeout is skipped, allowing expired sessions to con...

7.5CVSS5.5AI score0.00312EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/02/25 6:28 p.m.23 views

CVE-2026-25476 OpenEMR has Session Timeout Bypass via skip_timeout_reset

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in library/auth.inc.php runs only when skiptimeoutreset is not present in the request. When skiptimeoutreset=1 is sent, the entire block th...

7.5CVSS0.00312EPSS
Exploits1References2
OSV
OSV
added 2026/02/25 6:28 p.m.7 views

CVE-2026-25476 OpenEMR has Session Timeout Bypass via skip_timeout_reset

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in library/auth.inc.php runs only when skiptimeoutreset is not present in the request. When skiptimeoutreset=1 is sent, the entire block th...

7.5CVSS5.7AI score0.00312EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/19 1:27 a.m.11 views

CVE-2025-27898

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...

6.3CVSS5.5AI score0.00154EPSS
Exploits0References1
NVD
NVD
added 2026/02/17 8:22 p.m.8 views

CVE-2025-27898

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...

6.3CVSS0.00154EPSS
Exploits0References1
OSV
OSV
added 2026/02/17 8:22 p.m.4 views

CVE-2025-27898

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/17 7:52 p.m.4 views

CVE-2025-27898

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...

6.3CVSS5.5AI score0.00154EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/17 7:52 p.m.32 views

CVE-2025-27898 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...

6.3CVSS0.00154EPSS
Exploits0References1
Rows per page
Query Builder