23 matches found
Insufficient Session Expiration
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to revoke OAuth tokens in the revokeAllOAuthTokensByUser process after password change, reset, or recovery. An attacker can maintain unauthorized access by continuing...
EUVD-2020-15893
Malware in sbrugna...
EUVD-2020-26933
Malware in sbrugna...
EUVD-2022-6938
Malicious code in bioql PyPI...
EUVD-2022-4065
Malicious code in bioql PyPI...
EUVD-2024-3039
Malicious code in bioql PyPI...
CVE-2024-50562
CVE-2024-50562 is an Insufficient Session Expiration (CWE-613) in FortiOS SSL-VPN. A stolen cookie could allow a logged-out/expired session to re-authenticate. Affected FortiOS/FortiSASE: FortiOS 7.6.0 (fixed in 7.6.1), 7.4.0–7.4.7 (fixed in 7.4.8), 7.2.0–7.2.10 (fixed in 7.2.11), and all 7.0 an...
CVE-2024-46040
IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode leads the attacker to replay the Wi-Fi packets and forcefully turn off the access point after t...
CVE-2023-28001
An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API...
CVE-2020-6363
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with username/passphrase credentials. The user can change their own passphrase, but this does not invalidate...
CVE-2020-6291
SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through the Session API. An attacker can authenticate on behalf of the user by repeatedly using idp intents to retrieve the id and token from the application's URI. Remediation Upgrade...
CVE-2025-1198 Insufficient Session Expiration in GitLab
An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results...
CVE-2024-48926
Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a session timeout message before the server...
Apache CloudStack Code Issue Vulnerability
Apache CloudStack is a set of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. A security vulnerability exists in Apache CloudStack, which stems from ...
PT-2024-4576 · Unknown · Sinec Traffic Analyzer
Name of the Vulnerable Software and Affected Versions: SINEC Traffic Analyzer versions prior to V1.2 Description: A vulnerability has been identified in the affected application where it does not expire the session, potentially allowing an attacker to gain unauthorized access. The issue is relate...
CVE-2024-0008 PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access...
PT-2023-27074 · Elenos · Elenos Etg150 Fm Transmitter
Name of the Vulnerable Software and Affected Versions: Elenos ETG150 FM Transmitter version 3.12 Description: The issue is related to insufficient session expiration, allowing attackers to change transmitter configuration and data after a user has logged out. Recommendations: For Elenos ETG150 FM...
firefly-iii Code Issue Vulnerability
firefly-iii is a free and open source personal finance manager. A code issue vulnerability exists in versions prior to firefly-iii 6, which stems from the presence of an insufficient session expiration time...