CVE-2023-53970
CVE-2023-53970 concerns Screen SFT DAB 600/C firmware 1.9.3, which exposes a weak session management vulnerability. Attackers can bypass authentication by reusing IP-bound session identifiers and abuse the deviceManagement API endpoint to send crafted POST requests that reset device configuration...
Improper Session Management
Keycloak is vulnerable to improper session management. The vulnerability is due to reuse of session identifiers and improper cleanup during logout when browser cookies are missing, which allows an attacker to gain unauthorized access to another user’s active session and receive their authenticati...
EUVD-2025-36502
A flaw was found in Keycloak, where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...
GHSA-RG35-5V25-MQVP Keycloak vulnerable to session takeovers due to reuse of session identifiers
A flaw was found in Keycloak, where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...
PT-2023-21982 · Hikvision · Hikvision Access Control
Name of the Vulnerable Software and Affected Versions: Hikvision Access Control (affected versions not specified). Description: The issue allows attackers to perform a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit this,...
CVE-2022-38152
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct...