PT-2026-29816
Summary: A session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and password change. As a result, an attacker who has already obtained a valid session cookie can retain access to the...
EUVD-2025-197620
Flowise Fails to Invalidate Existing Sessions After Password Changes...
EUVD-2025-35689
Keycloak does not invalidate sessions when "Remember Me" is disabled...
CVE-2025-11429 Keycloak-server: too long and not settings compliant session
A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security...
CVE-2024-34092
An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because locking an account did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release...
Design/Logic Flaw
OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication (2FA) device for an account, existing logged-in sessions for that user account are not terminated. Likewise, if a...
CVE-2022-3073
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection, allowing a remote attacker to hijack existing sessions to, e.g., other web services in the same environment or execute scripts in the user's browser...
CVE-2018-8852
Philips e-Alert Unit non-medical device, Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier...
IBM WebSphere eXtreme Scale Access Privilege Bypass Vulnerability
IBM WebSphere eXtreme Scale is a distributed caching solution. IBM WebSphere eXtreme Scale does not invalidate pre-existing session identifiers, allowing remote attackers to exploit the vulnerability to gain access to other users...
Existing sessions are not correctly invalidated when a user changes their password
More info at https://contao.org/en/news/security-vulnerability-cve-2019-10641.html...
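Every entry above is one of two failures: sessions that outlive a security-relevant account change (password change or reset, 2FA enrolment, account lock), or a session identifier that is accepted across the authentication boundary instead of being rotated (session fixation). The following is an added example, not code from any of the products listed, showing how a server-side session store closes both gaps: each user carries a security stamp (here an integer `security_version`, an assumed name) that is bumped on every such event and compared on each request, and login always issues a fresh identifier. The `enforce_stamp` and `rotate_on_login` switches exist only to reproduce the flawed behaviour for comparison; the user names and event names are constructed for the demo.

```python
"""Session store that revokes outstanding sessions on security events.

Added example; SessionStore, User, security_version and the demo users
are assumptions, not the API of any product in the listing above.
"""
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class User:
    user_id: str
    # Bumped on every security-relevant change (password change/reset,
    # 2FA enrolment, lock). A session records the value current at login;
    # a mismatch on a later request means the session is stale.
    security_version: int = 0
    locked: bool = False


@dataclass
class Session:
    user_id: Optional[str]      # None for a pre-authentication session
    security_version: int


class SessionStore:
    def __init__(self, users, enforce_stamp=True, rotate_on_login=True):
        self.users = {u.user_id: u for u in users}
        self.sessions = {}
        # Both flags default to the hardened behaviour. Setting either to
        # False reproduces the class of flaw described in the entries above.
        self.enforce_stamp = enforce_stamp
        self.rotate_on_login = rotate_on_login

    def start_anonymous(self):
        """Issue a pre-authentication session (e.g. for a login form)."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = Session(None, 0)
        return sid

    def login(self, user_id, pre_auth_sid=None):
        """Authenticate user_id and return the session id to set as a cookie.

        Hardened path: any id presented before authentication is discarded
        and a fresh one issued, so an id an attacker planted in the victim's
        browser never becomes an authenticated session.
        """
        user = self.users[user_id]
        if user.locked:
            raise PermissionError("account locked")
        if pre_auth_sid is not None:
            self.sessions.pop(pre_auth_sid, None)
        if pre_auth_sid is not None and not self.rotate_on_login:
            sid = pre_auth_sid          # flawed: attacker-known id is upgraded
        else:
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = Session(user_id, user.security_version)
        return sid

    def resolve(self, sid):
        """Return the User for sid, or None if missing, anonymous or stale."""
        sess = self.sessions.get(sid)
        if sess is None or sess.user_id is None:
            return None
        user = self.users[sess.user_id]
        stale = user.locked or sess.security_version != user.security_version
        if self.enforce_stamp and stale:
            del self.sessions[sid]      # revoke eagerly on first use
            return None
        return user

    # Security events: storing the new credential/device is omitted; the
    # step that matters for session handling is the version bump.
    def change_password(self, user_id):
        self.users[user_id].security_version += 1

    def enroll_2fa(self, user_id):
        self.users[user_id].security_version += 1

    def lock(self, user_id):
        self.users[user_id].locked = True


def stolen_session_survives(event, enforce_stamp=True):
    """Attacker holds a valid cookie; does it survive the given event?"""
    store = SessionStore([User("alice")], enforce_stamp=enforce_stamp)
    stolen = store.login("alice")
    {"password_change": store.change_password,
     "enroll_2fa": store.enroll_2fa,
     "lock": store.lock}[event]("alice")
    return store.resolve(stolen) is not None


def planted_session_survives(rotate_on_login=True):
    """Attacker plants a pre-auth id; is it authenticated after victim login?"""
    store = SessionStore([User("alice")], rotate_on_login=rotate_on_login)
    planted = store.start_anonymous()        # id known to the attacker
    store.login("alice", pre_auth_sid=planted)
    return store.resolve(planted) is not None
```

With the defaults, `stolen_session_survives(...)` is `False` for all three events and `planted_session_survives()` is `False`; flipping `enforce_stamp` or `rotate_on_login` to `False` yields `True`, which is the behaviour the advisories describe. The same stamp technique covers realm-wide policy changes such as the Keycloak "Remember Me" case: fold a policy version into the value compared in `resolve`, and existing sessions pick up the new policy on their next request rather than at expiry. Checking the stamp on every request (not only at login) is what makes the revocation immediate.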