468 matches found
CVE-2026-44383
CVE-2026-44383 concerns Hydro-Québec Le Circuit Electrique charging station backend with insufficient session expiration. The issue allows multiple connections using the same charging station ID, enabling attackers to deploy multiple OCPP clients to overwhelm the backend, impacting availability (...
CVE-2026-44383 Hydro-Québec Le Circuit Electrique charging station backend Insufficient Session Expiration
Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...
Security Bulletin: IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability. [CVE-2025-36359]
Summary IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability, which could allow an attacker to continue accessing protected resources using expired authentication tokens. Vulnerability Details CVEID:CVE-2025-36359 DESCRIPTION: IBM DevOps Loop does not invalidate...
Insufficient Session Expiration
Overview @actual-app/sync-server is an actual syncing server Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of user status verification in the validateSession process. An attacker can maintain unauthorized access to server endpoints and sensiti...
Insufficient Session Expiration
Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the TryAdd...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the JWT validation process. An attacker can maintain persistent unauthorized access by presenting tokens that omit the exp and iat claims, thereby bypassing session expiration and freshness checks. Thi...
CVE-2026-1163
An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...
CVE-2026-1815
Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to enforce SAML assertion time bounds in the ParseSamlResponse process. An attacker can maintain unauthorized access or prolong a session by submitting SAML assertions with invalid or...
Insufficient Session Expiration
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Insufficient Session Expiration through the ApiToken delete path in the token management code. An attacker can keep using a deleted API token by deleting it while the cache entry remains keyed under the token value,...
CVE-2026-1815
Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...
PT-2026-42474
Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...
Insufficient Session Expiration
Overview @strapi/admin is a Strapi Admin Affected versions of this package are vulnerable to Insufficient Session Expiration in the password reset or change operation. An attacker can maintain unauthorized access by continuing to use a previously obtained refresh token to generate new access...
Insufficient Session Expiration
Overview @strapi/plugin-users-permissions is a headless CMS Affected versions of this package are vulnerable to Insufficient Session Expiration in the password reset or change operation. An attacker can maintain unauthorized access by continuing to use a previously obtained refresh token to...
Insufficient Session Expiration
Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to invalidate existing sessions after a password change. An attacker can maintain unauthorized access to an account by reusing a previously...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to revoke existing refresh tokens in the auth.refreshtokens and auth.oauth2refreshtokens tables after a password change. An attacker can maintain unauthorized access to a user's account...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to revoke existing refresh tokens in the auth.refreshtokens and auth.oauth2refreshtokens tables after a password change. An attacker can maintain unauthorized access to a user's account...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in JWT validation middleware. An attacker can maintain unauthorized access to user accounts by reusing previously issued JSON Web Tokens even after a password change, as the tokens are not invalidated or...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in JWT validation middleware. An attacker can maintain unauthorized access to user accounts by reusing previously issued JSON Web Tokens even after a password change, as the tokens are not invalidated or...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in JWT validation middleware. An attacker can maintain unauthorized access to user accounts by reusing previously issued JSON Web Tokens even after a password change, as the tokens are not invalidated or...