Lucene search
K

11 matches found

Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.8 views

PT-2026-31070

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

4.1CVSS5.9AI score0.0021EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/14 3:23 p.m.5 views

CVE-2025-25252

An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker e.g. a former admin whose account was removed and whose session was terminated in possessi...

4.8CVSS6.5AI score0.00272EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.7 views

PT-2025-87: Incorrect session expiration in Fastwel PLC web server

The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. The discovered vulnerability can be exploited by an attacker to gain unlimited access to a device by brute-forcing or compromising a session token. Vulnerability status: Confirmed ...

9.2CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:1 a.m.3 views

CVE-2023-1788

Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6...

9.8CVSS6.7AI score0.00438EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/27 12:0 a.m.3 views

PT-2024-10189 · Fortinet · Fortimanager +1

Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 6.4.12 through 7.4.0 Description: The issue is related to an operation on a resource after expiration or release, allowing an attacker to gain improper access to FortiGate via valid credentials. This is associat...

9.8CVSS7.7AI score0.00876EPSS
Exploits0References7
CNVD
CNVD
added 2024/07/25 12:0 a.m.4 views

Apache StreamPark Insufficient Session Expiration Vulnerability

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark versions prior to 2.1.4 suffer from a session expiration insufficiency vulnerability, which stems from the fact that the session is not expired after logging...

9.1CVSS6.8AI score0.00788EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/11 12:0 a.m.5 views

Siemens SINEC Traffic Analyzer 代码问题漏洞

SINEC Traffic Analyzer is an on-premise application that monitors PNIO PROFINET IO communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via Web-UI. Siemens SINEC Traffic Analyzer suffers from an insufficient session...

8.8CVSS7AI score0.00328EPSS
Exploits0References3
OSV
OSV
added 2023/07/11 5:15 p.m.3 views

CVE-2023-28001

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API...

9.8CVSS5.9AI score0.0043EPSS
Exploits0References1
NCSC
NCSC
added 2021/09/16 12:0 a.m.7 views

Vulnerabilities fixed in FortiSandbox

Due to a session expiration vulnerability in FortiSandbox allows a malicious party to reuse the non-expired session IDs of an administrator reuse to obtain information about other users. obtain. CVE-2020-29012 Due to a vulnerability in the input validation of the sniffer interface of FortiSandbox...

5.6CVSS6.6AI score0.02592EPSS
Exploits0
CNVD
CNVD
added 2020/10/20 12:0 a.m.2 views

Adobe Magento User Session Invalidation Vulnerability

Adobe Magento is the U.S. Odobie Adobe company's set of open source PHP e-commerce system. The system provides rights management , search engine and payment gateway and other functions.Magento Open Source is the open source version of Magento.Magento Commerce is the commercial version of Magento....

6.5CVSS6.9AI score0.02292EPSS
Exploits0References1
OSV
OSV
added 2020/08/21 1:15 p.m.2 views

CVE-2020-5774

Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session...

7.1CVSS7.1AI score
Exploits0References1
Rows per page
Query Builder