Lucene search
K

468 matches found

CVE
CVE
added 4 days ago12 views

CVE-2026-44383

CVE-2026-44383 concerns Hydro-Québec Le Circuit Electrique charging station backend with insufficient session expiration. The issue allows multiple connections using the same charging station ID, enabling attackers to deploy multiple OCPP clients to overwhelm the backend, impacting availability (...

8.7CVSS6.1AI score0.00563EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-44383 Hydro-Québec Le Circuit Electrique charging station backend Insufficient Session Expiration

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...

8.7CVSS0.00563EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 3:27 p.m.3 views

Security Bulletin: IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability. [CVE-2025-36359]

Summary IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability, which could allow an attacker to continue accessing protected resources using expired authentication tokens. Vulnerability Details CVEID:CVE-2025-36359 DESCRIPTION: IBM DevOps Loop does not invalidate...

8.1CVSS5.9AI score0.00189EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/06/22 11:19 p.m.6 views

Insufficient Session Expiration

Overview @actual-app/sync-server is an actual syncing server Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of user status verification in the validateSession process. An attacker can maintain unauthorized access to server endpoints and sensiti...

8.7CVSS5.8AI score0.00441EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 8:47 p.m.6 views

Insufficient Session Expiration

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the TryAdd...

8.2CVSS5.9AI score0.00268EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/18 1:52 p.m.5 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the JWT validation process. An attacker can maintain persistent unauthorized access by presenting tokens that omit the exp and iat claims, thereby bypassing session expiration and freshness checks. Thi...

4.2CVSS6.1AI score0.00203EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-1163

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

4.1CVSS5.4AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-1815

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

5.7CVSS5.4AI score0.00178EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/28 6:30 p.m.4 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to enforce SAML assertion time bounds in the ParseSamlResponse process. An attacker can maintain unauthorized access or prolong a session by submitting SAML assertions with invalid or...

8.7CVSS6AI score0.0033EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/21 8:39 p.m.27 views

Insufficient Session Expiration

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Insufficient Session Expiration through the ApiToken delete path in the token management code. An attacker can keep using a deleted API token by deleting it while the cache entry remains keyed under the token value,...

6.3CVSS5.8AI score0.00197EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 1:56 p.m.17 views

CVE-2026-1815

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

5.7CVSS5.8AI score0.00178EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.23 views

PT-2026-42474

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

5.7CVSS5.8AI score0.00178EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/13 8:2 p.m.13 views

Insufficient Session Expiration

Overview @strapi/admin is a Strapi Admin Affected versions of this package are vulnerable to Insufficient Session Expiration in the password reset or change operation. An attacker can maintain unauthorized access by continuing to use a previously obtained refresh token to generate new access...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/13 8:2 p.m.14 views

Insufficient Session Expiration

Overview @strapi/plugin-users-permissions is a headless CMS Affected versions of this package are vulnerable to Insufficient Session Expiration in the password reset or change operation. An attacker can maintain unauthorized access by continuing to use a previously obtained refresh token to...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 10:23 p.m.12 views

Insufficient Session Expiration

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to invalidate existing sessions after a password change. An attacker can maintain unauthorized access to an account by reusing a previously...

8.3CVSS5.8AI score0.00394EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/08 5:39 p.m.12 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to revoke existing refresh tokens in the auth.refreshtokens and auth.oauth2refreshtokens tables after a password change. An attacker can maintain unauthorized access to a user's account...

4.2CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/08 5:39 p.m.9 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to revoke existing refresh tokens in the auth.refreshtokens and auth.oauth2refreshtokens tables after a password change. An attacker can maintain unauthorized access to a user's account...

4.2CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/07 2:57 a.m.7 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in JWT validation middleware. An attacker can maintain unauthorized access to user accounts by reusing previously issued JSON Web Tokens even after a password change, as the tokens are not invalidated or...

6.3CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/07 2:57 a.m.8 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in JWT validation middleware. An attacker can maintain unauthorized access to user accounts by reusing previously issued JSON Web Tokens even after a password change, as the tokens are not invalidated or...

6.3CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/07 2:57 a.m.8 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in JWT validation middleware. An attacker can maintain unauthorized access to user accounts by reusing previously issued JSON Web Tokens even after a password change, as the tokens are not invalidated or...

6.3CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder