309 matches found
CVE-2019-11123
Insufficient session validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access...
PT-2025-20865 · Siemens · Simatic Pcs Neo
Name of the Vulnerable Software and Affected Versions: SIMATIC PCS neo versions prior to V4.1 Update 3; SIMATIC PCS neo versions prior to V5.0 Update 1. Description: A vulnerability has been identified in SIMATIC PCS neo where affected products do not correctly invalidate user sessions upon user...
IBM InfoSphere Information Server Multiple Vulnerabilities (April 2025)
The version of IBM InfoSphere Information Server installed on the remote host is 11.7.x prior or equal to 11.7.1.6. It is, therefore, potentially affected by multiple vulnerabilities: - IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an...
CVE-2025-29339
An issue in UPF in Open5GS UPF versions up to v2.7.2 results in an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF or via direct attack, triggerin...
Unauthorized API Access
Directus is vulnerable to unauthorized API access by suspended users. The vulnerability stems from missing session validation: verifySessionJWT lacks a check to confirm that a user is still active and authorized...
CVE-2025-24502
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address...
BIT-SUPERSET-2023-27524 Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...
CVE-2025-22216 UAA Missing Zone Validation
A UAA configured with multiple identity zones does not properly validate session information across those zones. A user authenticated against a corporate IDP can re-use their jsessionid to access other zones...
CloudFoundry UAA Security Vulnerability
CloudFoundry UAA is a multi-tenant identity management service from the CloudFoundry Foundation. A security vulnerability exists in CloudFoundry UAA that stems from an inability to properly validate session information between regions. An attacker exploiting this vulnerability could reuse its...
PT-2025-4393 · Uaa · Uaa
Name of the Vulnerable Software and Affected Versions: UAA (affected versions not specified). Description: The issue concerns a UAA configured with multiple identity zones, where session information is not properly validated across those zones. This allows a user authenticated against a corporate ID...
CVE-2025-24502
CVE-2025-24502 describes an improper session validation that allows an unauthenticated attacker to trigger request notifications in the context of the wrong user by spoofing the client IP address. Connected sources identify Broadcom Symantec Privileged Access Management (PAM) as affected, with no...
PT-2025-5374 · Broadcom · Symantec Privileged Access Management
Name of the Vulnerable Software and Affected Versions: Software (affected versions not specified). Description: An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP addres...
CVE-2024-38315
CVE-2024-38315 – IBM Aspera Shares session handling issue: IBM Aspera Shares versions 1.0.0 to 1.10.0 PL2 do not invalidate a user session after a password reset, which could allow an authenticated user to impersonate another user. Root cause: lack of session invalidation post-password reset. Af...
GHSA-96C6-M98X-HXJX Zend-Session session validation vulnerability
Zend\Session session validators do not work as expected if set prior to the start of a session. For instance, the following test case fails where $this->manager is an instance of Zend\Session\SessionManager: $this->manager->getValidatorChain()->attach('session.validate', array(new RemoteAddr(), 'isValid...
Zend-Session session validation vulnerability
Zend\Session session validators do not work as expected if set prior to the start of a session. For instance, the following test case fails where $this->manager is an instance of Zend\Session\SessionManager: $this->manager->getValidatorChain()->attach('session.validate', array(new RemoteAddr(), 'isValid...
Zendframework session validation vulnerability
Zend\Session session validators do not work as expected if set prior to the start of a session. For instance, the following test case fails where $this->manager is an instance of Zend\Session\SessionManager: $this->manager->getValidatorChain()->attach('session.validate', array(new RemoteAddr(), 'isValid...