317 matches found
CVE-2025-53938 WeGIA vulnerable to Authentication Bypass due to Missing Session Validation in multiple endpoints
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the /dao/verificarrecursoscargo.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows unauthenticated...
CVE-2025-53938 WeGIA vulnerable to Authentication Bypass due to Missing Session Validation in multiple endpoints
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the /dao/verificarrecursoscargo.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows unauthenticated...
Exploit for CVE-2025-52689
CVE-2025-52689 PoC Code PoC code for CVE-2025-52689 Alcatel-L...
CVE-2024-24539
FusionPBX before 5.2.0 does not validate a session...
CVE-2023-24495
A Server Side Request Forgery SSRF vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly...
CVE-2023-27524
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRETKEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...
CVE-2020-9034
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users...
CVE-2020-23036
MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the password authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to re...
CVE-2019-11123
Insufficient session validation in system firmware for IntelR NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access...
PT-2025-20865 · Siemens · Simatic Pcs Neo
Name of the Vulnerable Software and Affected Versions: SIMATIC PCS neo versions prior to V4.1 Update 3 SIMATIC PCS neo versions prior to V5.0 Update 1 Description: A vulnerability has been identified in SIMATIC PCS neo where affected products do not correctly invalidate user sessions upon user...
IBM InfoSphere Information Server Multiple Vulnerabilities (April 2025)
The version of IBM InfoSphere Information Server installed on the remote host is 11.7.x prior or equal to 11.7.1.6. It is, therefore, potentially affected by multiple vulnerabilities: - IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an...
CVE-2025-29339
An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF or via direct attack, triggerin...
Unauthorized API Access
Directus is vulnerable to unauthorized API access by suspended users. The vulnerability is due to missing session validation due to the absence of a check in verifySessionJWT to confirm if a user is still active and authorized...
CVE-2025-24502
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address...
BIT-SUPERSET-2023-27524 Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRETKEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...
CVE-2025-22216 CVE-2025-22216 UAA Missing Zone Validation
A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones...
CVE-2025-22216 CVE-2025-22216 UAA Missing Zone Validation
A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones...
CloudFoundry UAA 安全漏洞
CloudFoundry UAA is a multi-tenant identity management service from the CloudFoundry Foundation. A security vulnerability exists in CloudFoundry UAA that stems from an inability to properly validate session information between regions. An attacker exploiting this vulnerability could reuse its...
PT-2025-4393 · Uaa · Uaa
Name of the Vulnerable Software and Affected Versions: UAA affected versions not specified Description: The issue concerns a UAA configured with multiple identity zones, where session information is not properly validated across those zones. This allows a user authenticated against a corporate ID...
CVE-2025-24502
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address...