
51 matches found

Redos
added 2026/05/29 12:00 a.m., 10 views

ROS-20260529-73-0015

The vulnerability in openbao is related to improper session management. Exploiting this vulnerability can allow a remote attacker to intercept a user’s session...

CVSS 9.6, AI score 5.8, EPSS 0.0004
Exploits 0
NVD
added 2026/02/26 4:23 p.m., 3 views

CVE-2025-71057

Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME1.00 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user...

CVSS 8.2, EPSS 0.0002
Exploits 0, References 3
Nuclei
added 2026/02/04 7:00 a.m., 4 views

DAEnetIP4 METO v1.25 - Session Hijacking

DAEnetIP4 METO v1.25 contains improper session management in the /loginok.htm endpoint, letting attackers hijack sessions; exploitation requires the attacker to control or intercept session tokens. id: CVE-2025-28242 info: name: DAEnetIP4 METO v1.25 - Session Hijacking author: 0xAkoko severity: high...

CVSS 9.8, AI score 5.9, EPSS 0.05657
Exploits 0, References 2
CNNVD
added 2025/12/19 12:00 a.m., 1 view

JeecgBoot security vulnerability

JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. A security vulnerability exists in JeecgBoot 3.9.0 and earlier versions, which originates from a vulnerability in the file...

CVSS 8.1, AI score 4.8, EPSS 0.00091
Exploits 1, References 7
Veracode
added 2025/12/13 5:11 a.m., 4 views

Improper Session Management

Keycloak is vulnerable to improper session management. The vulnerability is due to reuse of session identifiers and improper cleanup during logout when browser cookies are missing, which allows an attacker to gain unauthorized access to another user’s active session and receive their authenticati...

CVSS 6, AI score 5.9, EPSS 0.00017
Exploits 0, References 14, Affected Software 1
OSV
added 2025/11/19 3:15 p.m., 1 view

CVE-2025-63219

The ITEL ISO FM SFN Adapter firmware ISO2 2.0.0.0, WebServer 2.0 is vulnerable to session hijacking due to improper session management on the /home.html endpoint. An attacker can access an active session without authentication, allowing them to control the device, modify configurations, and...

CVSS 7.5, AI score 5.8, EPSS 0.00126
Exploits 1, References 2
CVE
added 2025/11/19 12:00 a.m., 7 views

CVE-2025-63219

The CVE-2025-63219 issue affects the ITEL ISO FM SFN Adapter, specifically firmware ISO2 2.0.0.0 and WebServer 2.0. The root cause is improper session management on the /home.html endpoint, allowing an unauthenticated user to hijack an active session and potentially control the device and modify ...

CVSS 7.5, AI score 6.6, EPSS 0.00126
Exploits 1, References 2, Affected Software 1
OSV
added 2025/11/18 8:15 p.m., 2 views

CVE-2025-63226

The Sencore SMP100 SMP Media Platform firmware versions V4.2.160, V60.1.4, V60.1.29 is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can...

CVSS 5.7, AI score 5.9, EPSS 0.00025
Exploits 0, References 2
CNNVD
added 2025/08/22 12:00 a.m., 2 views

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime security vulnerability

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime is a smart wired WiFi video doorbell from Reolink USA. A security vulnerability exists in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime version 3.0.0.46622503122283, which stems from improper session management and could lead t...

CVSS 4, AI score 6.5, EPSS 0.0003
Exploits 0, References 3
CNNVD
added 2025/04/18 12:00 a.m., 1 view

Denkovi DAEnetIP4 METO security vulnerability

Denkovi DAEnetIP4 METO is a multifunctional 10/100 Mb Ethernet device IP controller from Denkovi for management and control. A security vulnerability exists in Denkovi DAEnetIP4 METO version 1.25, which stems from improper session management in the /loginok.htm endpoint, and could lead to a sessi...

CVSS 9.8, AI score 6.6, EPSS 0.05657
Exploits 0, References 1
Veracode
added 2024/09/10 7:53 a.m., 3 views

Session Fixation

Keycloak is vulnerable to session fixation. The vulnerability is due to improper session management, as the session ID and JSESSIONID cookie are not updated upon login, allowing attackers to hijack a session before authentication and trigger session fixation...

CVSS 7.1, AI score 6.9, EPSS 0.02246
Exploits 0, References 14, Affected Software 1
Veracode
added 2024/08/06 7:45 a.m., 14 views

Insufficient Session Expiration

apacheairflowprovidersfab is vulnerable to Insufficient Session Expiration. The vulnerability is due to improper session management, which fails to terminate user sessions upon logout and allows attackers to continue accessing a user’s session or account...

CVSS 9.8, AI score 6.7, EPSS 0.00435
Exploits 0, References 4, Affected Software 1
Veracode
added 2024/05/15 6:18 a.m., 16 views

Improper Session Management

reportico-web/reportico is vulnerable to Improper Session Management. The vulnerability is due to improper handling of session tokens, which allows an attacker to reuse a token after a user has logged out...

CVSS 7.8, AI score 7, EPSS 0.00083
Exploits 0, References 2, Affected Software 1
NVD
added 2024/03/05 10:15 p.m., 10 views

CVE-2024-1900

Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The use...

CVSS 5.5, AI score 6.5, EPSS 0.0008
Exploits 0, References 1
CVE
added 2024/03/05 9:34 p.m., 46 views

CVE-2024-1900

This CVE affects Devolutions Server (versions up to 2023.3.14.0) where improper session management in the identity provider authentication flow can allow an authenticated user, validated via an external IdP (e.g., Okta or O365), to remain authenticated after their identity is disabled or deleted....

CVSS 5.5, AI score 6.8, EPSS 0.0008
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2024/03/05 9:34 p.m., 13 views

CVE-2024-1900

Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The use...

AI score 6.9, EPSS 0.0008
Exploits 0, References 1
Cvelist
added 2024/03/05 9:34 p.m., 13 views

CVE-2024-1900

Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The use...

AI score 6.8, EPSS 0.0008
Exploits 0, References 1
Hacker One
added 2023/12/22 11:49 a.m., 72 views

Teleport: Improper session management - Failure to invalidate old session after password change

Failure to Invalidate Session on Password Change: Failure to invalidate a session after a password change is a vulnerability which allows an attacker to maintain access on a service. Most users have the expectation that when they reset their password, no one else can access their account. When...

AI score 7.3
Exploits 0
Prion
added 2023/08/15 7:15 p.m., 23 views

Input validation

Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup...

CVSS 7.5, AI score 9.4, EPSS 0.00106
Exploits 0, References 1, Affected Software 1
CVE
added 2023/08/15 6:21 p.m., 43 views

CVE-2023-4323

CVE-2023-4323 affects Broadcom RAID Controller web interface, with the vulnerability in improper session management of active sessions on Gateway setup. The Red Hat and NVD entries corroborate, describing a critical issue (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) that allows network access...

CVSS 9.8, AI score 9.6, EPSS 0.00106
Exploits 0, References 2, Affected Software 1