In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time …

Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentica…

An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater Mini…

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire…

nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_k…

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be…

An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 an…

A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy w…

In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cooki…

Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password…

An issue was discovered in October through build 471. It reactivates an old session ID (which h…

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacki…

An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and es…

If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user …

Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.

NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of t…

A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens a…

OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana …

In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through…

DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On…

It was found that the cookie used for CSRF prevention in Keycloak was not unique to each sessio…

Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length a…

Session fixation vulnerability in pcsd in pcs before 0.9.157.

Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2…

Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2…

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly c…

Improper administrator IP validation after his login in the HTTPd server in all current version…

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles prov…

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 …

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles…

When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi ver…

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated re…

The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user sessio…

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to …

The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not prope…

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is de…

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not ade…

A vulnerability in the web-based management interface of multiple Cisco Small Business Series S…

An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x b…

Mahavitaran android application 7.50 and prior are affected by account takeover due to improper…