11 matches found
PT-2026-31070
An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...
CVE-2025-25252
An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker e.g. a former admin whose account was removed and whose session was terminated in possessi...
PT-2025-87: Incorrect session expiration in Fastwel PLC web server
The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. The discovered vulnerability can be exploited by an attacker to gain unlimited access to a device by brute-forcing or compromising a session token. Vulnerability status: Confirmed ...
CVE-2023-1788
Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6...
PT-2024-10189 · Fortinet · Fortimanager +1
Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 6.4.12 through 7.4.0 Description: The issue is related to an operation on a resource after expiration or release, allowing an attacker to gain improper access to FortiGate via valid credentials. This is associat...
Apache StreamPark Insufficient Session Expiration Vulnerability
Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark versions prior to 2.1.4 suffer from a session expiration insufficiency vulnerability, which stems from the fact that the session is not expired after logging...
Siemens SINEC Traffic Analyzer 代码问题漏洞
SINEC Traffic Analyzer is an on-premise application that monitors PNIO PROFINET IO communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via Web-UI. Siemens SINEC Traffic Analyzer suffers from an insufficient session...
CVE-2023-28001
An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API...
Vulnerabilities fixed in FortiSandbox
Due to a session expiration vulnerability in FortiSandbox allows a malicious party to reuse the non-expired session IDs of an administrator reuse to obtain information about other users. obtain. CVE-2020-29012 Due to a vulnerability in the input validation of the sniffer interface of FortiSandbox...
Adobe Magento User Session Invalidation Vulnerability
Adobe Magento is the U.S. Odobie Adobe company's set of open source PHP e-commerce system. The system provides rights management , search engine and payment gateway and other functions.Magento Open Source is the open source version of Magento.Magento Commerce is the commercial version of Magento....
CVE-2020-5774
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session...