CWE-384
All CWE-384 CVEs (72)
CVE-2023-53775 is an authentication bypass vulnerability in Screen SFT DAB 1.9.3 that allows attackers to change user passwords without proper authent... (Dec 10, 2025)
This CVE describes a session fixation vulnerability in Apache Tomcat's rewrite valve that allows attackers to hijack user sessions. Attackers can fixa... (Aug 13, 2025)
HCL MyXalytics has a session fixation vulnerability where attackers can set a victim's session token via crafted URLs. This allows unauthorized access... (Jan 11, 2025)
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator versions 5.2.0.00 through 5.2.0.12 fails to properly invalidate session IDs after use... (Jan 20, 2026)
This CVE describes a session fixation vulnerability in givanz Vvveb CMS version 1.0.6.1 that allows attackers to hijack user sessions by fixing sessio... (Aug 4, 2025)
A session fixation vulnerability in Blood Bank Management System 1.0 allows attackers to hijack user sessions by setting session IDs before authentica... (Dec 1, 2025)
This vulnerability allows attackers to fix session IDs in CKAN when server-side session storage is configured, enabling session fixation attacks. Atta... (Oct 29, 2025)
This vulnerability allows an authenticated remote attacker to hijack active user sessions in the AOS-CX OS web management interface, potentially leadi... (Nov 18, 2025)
A session fixation vulnerability in Akın Software's QR Menu allows attackers to hijack user sessions by fixing session IDs before authentication. Thi... (Jan 29, 2026)
This vulnerability in Password Pusher allows session hijacking if an attacker captures a user's session cookie before logout. Attackers can then imper... (Dec 30, 2024)
HCL iAutomate has a session fixation vulnerability where an attacker can hijack a user's authenticated session by fixing their session ID. This allows... (Feb 5, 2025)
This vulnerability allows authenticated users to bypass zone isolation in Cloud Foundry UAA by reusing session cookies across different identity zones... (Jan 31, 2025)
A session fixation vulnerability in NGINX OpenID Connect reference implementation allows attackers to bind a victim's session to an attacker-controlle... (Nov 6, 2024)
This vulnerability in specific TP-LINK routers allows attackers to hijack TCP sessions by exploiting sequence number leakage in NAT-enabled Wi-Fi netw... (May 28, 2024)
This vulnerability in GLPI allows session hijacking when remote authentication via SSO is used. An attacker on the same machine can steal another user... (Feb 4, 2026)
This vulnerability in EVerest EV charging software allows attackers to exploit other weaknesses by keeping connections alive despite errors. All EVere... (Jan 21, 2026)
IBM OpenPages with Watson versions 8.3 and 9.0 have a session management vulnerability where chat sessions remain active after user logout. This allow... (Feb 20, 2025)
This vulnerability allows attackers to perform session fixation attacks on PHPGurukul Boat Booking System 1.0. By manipulating the session_start funct... (Oct 19, 2024)
This vulnerability in Umbraco CMS allows session persistence after explicit sign-out, meaning users who log out may still have active server sessions.... (Oct 22, 2024)
A session management vulnerability in macOS Voice Control allows users with Voice Control enabled to potentially transcribe another user's activity. T... (Dec 12, 2025)
This vulnerability in Tutor (Open edX deployment tool) allows local unauthorized attackers to access sensitive information due to missing cache-contro... (Nov 26, 2025)
This vulnerability in Tenda wireless routers allows attackers to hijack administrative sessions by intercepting login credentials transmitted as sessi... (Jan 9, 2026)
About CWE-384
Our database tracks 72 CVEs classified as CWE-384, with 24 rated critical and 26 rated high severity. The average CVSS score for CWE-384 vulnerabilities is 7.8.