1418 matches found
CVE-2026-1163
An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...
CVE-2026-1815
Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...
CVE-2026-46401
HAX CMS (PHP/Node.js backends) has an improper session termination vulnerability affecting versions prior to 26.0.0, where authentication tokens remain valid after logout. This allows attackers who obtain valid tokens to maintain persistent access to authenticated CMS functionality, bypassing log...
Insufficient Session Expiration
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the startupTime reset during server restart when revokeRefreshToken=tr...
CVE-2026-8670
Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs aka Session Replay. This issue affects Avantra: before 25.3.1...
CVE-2026-8670
Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs aka Session Replay. This issue affects Avantra: before 25.3.1...
EUVD-2026-31435
Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs aka Session Replay. This issue affects Avantra: before 25.3.1...
Avantra 安全漏洞
Avantra is a SAP software developed by the Avantra company. Versions of Avantra prior to 25.3.1 contained security vulnerabilities; these vulnerabilities were due to insufficient session expiration time, which could lead to session reuse...
PT-2026-42761
Name of the Vulnerable Software and Affected Versions Avantra versions prior to 25.3.1 Description Insufficient session expiration in syslink software AG Avantra on Linux and Windows allows for the reuse of session IDs, a technique known as Session Replay, where an attacker captures and reuse a...
Insufficient Session Expiration
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Insufficient Session Expiration through the ApiToken delete path in the token management code. An attacker can keep using a deleted API token by deleting it while the cache entry remains keyed under the token value,...
CVE-2026-1815
Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...
CVE-2026-1815 Session Hijacking in TEİAŞ's Mobile Application
Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...
CVE-2026-1815
TEİAŞ Mobile Application is affected by an Insufficient session expiration vulnerability (CVE-2026-1815) that enables session hijacking. Affected versions are 1.6.2 up to
CVE-2026-1815
Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...
TEİAŞ Mobile Application 代码问题漏洞
TEİAŞ Mobile Application is a mobile application developed by the Turkish company TEİAŞ, which provides information and services related to power transmission operations. Versions of the TEİAŞ Mobile Application from 1.6.2 to 1.13 had code vulnerabilities. These vulnerabilities were caused by...
PT-2026-42474
Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...
Insufficient Session Expiration
Overview @strapi/plugin-users-permissions is a headless CMS Affected versions of this package are vulnerable to Insufficient Session Expiration in the password reset or change operation. An attacker can maintain unauthorized access by continuing to use a previously obtained refresh token to...
Insufficient Session Expiration
Overview @strapi/admin is a Strapi Admin Affected versions of this package are vulnerable to Insufficient Session Expiration in the password reset or change operation. An attacker can maintain unauthorized access by continuing to use a previously obtained refresh token to generate new access...
Insufficient Session Expiration
Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to invalidate existing sessions after a password change. An attacker can maintain unauthorized access to an account by reusing a previously...
EUVD-2026-29822
A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with...