5 matches found
CVE-2026-35095 Session fixation in KTM System e-BOK
KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, its value remains unchanged after successful login. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session...
CVE-2026-33384
QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in a patch to version...
CVE-2026-25101
Bludit exposes a session fixation vulnerability: an attacker can set a user’s session ID before authentication, and the ID persists after login, enabling session hijacking. The issue affects Bludit and is fixed in version 3.17.2. Metrics indicate a high-impact CVSS base score (C/H I/H A/H) with n...
CVE-2026-24352 Session Fixation in PluXml CMS
PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...
EUVD-2026-5552
Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...