CWE-613: Insufficient Session Expiration
All CWE-613 CVEs (143)
This vulnerability allows attackers to maintain access to user sessions beyond their intended expiration time in PKP (Public Knowledge Project) softwa...
Nov 1, 2023

Misskey versions 12.109.0 through 2025.2.0-alpha.0 fail to delete authentication tokens from cookies after logout, allowing session persistence. This ...
Feb 11, 2025

This vulnerability allows users to maintain active sessions even after their passwords have been changed via CLI, potentially enabling unauthorized ac...
Jan 8, 2025

This vulnerability in Fortinet FortiAIOps 2.0.0 allows attackers to reuse stolen session tokens to perform unauthorized operations. Attackers can bypa...
Jul 9, 2024

This vulnerability in Fortinet FortiEDR allows attackers to execute unauthorized code or commands via API requests due to insufficient session expirat...
Oct 13, 2023

Dell EMC Streaming Data Platform versions before 1.3 contain an insufficient session expiration vulnerability that allows remote unauthenticated attac...
Nov 30, 2021

This vulnerability allows attackers to reuse, spoof, or steal user and admin sessions in TopEase Platform due to insufficient session expiration. It a...
Nov 30, 2021

This vulnerability allows unauthenticated remote attackers to replay intercepted session credentials to gain unauthorized administrative access to Cis...
Nov 4, 2021

This vulnerability allows attackers to reuse unexpired admin session IDs in FortiClientEMS to gain administrative privileges. It affects organizations...
Oct 6, 2021

CVE-2026-24669 is an insecure password reset vulnerability in Open eClass (formerly GUnet eClass) that allows local attackers to reuse valid password ...
Feb 3, 2026

This vulnerability in KDE Plasma Workspace allows local users on the same machine to connect to the KSmserver session manager via ICE without proper a...
Jul 5, 2024

CVE-2021-25985 is a session management vulnerability in Factor (App Framework & Headless CMS) where user sessions are not properly invalidated after l...
Nov 16, 2021

This vulnerability allows attackers to reuse expired session IDs in Progress Sitefinity under specific circumstances, enabling session replay attacks....
Apr 9, 2025

This vulnerability allows a local attacker to bypass authentication on the Sagemcom FAST3686 V2 Vodafone router's administration panel due to improper...
Mar 14, 2024

This vulnerability allows users who should have been invalidated or deleted to retain access to the admin area in Alf.io event management systems. Thi...
Feb 16, 2024

OpenEMR versions before 8.0.0 have a session expiration bypass vulnerability. Attackers can send a specific parameter (skip_timeout_reset=1) to preven...
Feb 25, 2026

This vulnerability in KZTech JT3500V 4G LTE CPE devices allows attackers to reuse expired session credentials due to improper session expiration. Atta...
Dec 31, 2025

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below have insufficient session expiration, allowing attackers to reuse old session credentials. This e...
Dec 30, 2025

This vulnerability allows deleted users in Nagios Network Analyzer to maintain access to restricted system functions because their sessions and API to...
Apr 18, 2025

This vulnerability allows session hijacking in F5 Central Manager because refresh tokens remain valid after user logout. Attackers can use stolen refr...
Aug 14, 2024

This vulnerability allows attackers to authorize OAuth applications from logged-out sessions in pretix, potentially granting unauthorized access to us...
Mar 6, 2023

This vulnerability in Stormshield Network Security (SNS) allows attackers to potentially access SSH accounts using old passwords that weren't properly...
Dec 29, 2021

This vulnerability allows attackers to reuse, spoof, or steal user and admin sessions in the Fish | Hunt FL iOS app due to insufficient session expira...
Sep 8, 2021

This vulnerability allows anonymous remote attackers to view cached content in Atlassian Jira Server and Data Center even after losing proper permissi...
Aug 30, 2021

This vulnerability in Mender Enterprise's useradm service allows users to continue accessing the system with their JWT tokens after logout when JWT ve...
Aug 27, 2021

This CVE describes two vulnerabilities in FortiIsolator's authentication mechanism: insufficient session expiration allows remote unauthenticated atta...
Oct 14, 2025

This vulnerability allows access tokens in JetBrains TeamCity to remain functional after they have been deleted or expired, creating an authentication...
Jul 22, 2024

This vulnerability in @fastify/session prevents proper session expiration when cookies have maxAge set. When restoring sessions from the store, the ex...
May 21, 2024

This vulnerability allows remote attackers to maintain unauthorized access to Zyxel NBG6604 routers by exploiting insufficient session expiration in t...
Dec 29, 2021

HashiCorp Vault and Vault Enterprise had a vulnerability where tokens or dynamic secret leases within 1 second of expiration could be renewed and inco...
Jun 3, 2021

This WebSocket vulnerability allows session hijacking in charging station management systems by enabling multiple connections with the same predictabl...
Mar 6, 2026

This WebSocket vulnerability allows session hijacking by connecting with predictable charging station identifiers, enabling attackers to impersonate l...
Mar 6, 2026

This vulnerability allows attackers to establish multiple concurrent sessions using the same charging station ID due to improper session management. T...
Jan 22, 2026

This vulnerability allows session tokens from logged-out users to remain active and usable in Optimizely Configured Commerce B2B storefronts. Attacker...
Jan 4, 2025

This vulnerability allows non-admin users who previously had admin privileges to retain access to iControl REST admin resources even after their role ...
Oct 10, 2023

This CVE describes a session handling vulnerability in Nextcloud Server where logout doesn't properly destroy sessions if cookies aren't manually clea...
May 26, 2023

nopCommerce versions 4.70 and prior, and specifically version 4.80.3, fail to properly invalidate session cookies after logout or session termination....
Dec 1, 2025

Kiteworks MFT versions before 9.1.0 have a session timeout vulnerability where user sessions may not properly expire after inactivity. This allows att...
Nov 29, 2025

CubeCart ecommerce software versions before 6.5.11 fail to automatically expire user sessions after password changes. This allows attackers who have c...
Sep 22, 2025

This vulnerability allows attackers to hijack user sessions in PHPGurukul Car Rental Project v3.0 due to improper session invalidation in the password...
Jul 28, 2025

This vulnerability allows attackers to hijack user sessions in PHPGurukul Small CRM v3.0 by exploiting improper session invalidation in the password c...
Jul 28, 2025

HCL iAutomate has insufficient session expiration, allowing authentication tokens to remain valid indefinitely unless manually revoked. This affects a...
Jul 24, 2025

This vulnerability allows guest users in Mage AI framework to retain high privileges after account deletion, enabling remote code execution through th...
Aug 23, 2024

HCL Compass fails to properly invalidate user sessions upon logout, allowing session hijacking. Attackers who obtain valid session identifiers can reu...
Oct 19, 2023

This vulnerability in Keycloak allows session persistence after logout when using external SAML identity providers with specific Principal Type config...
Apr 1, 2022

CVE-2022-0991 is an insufficient session expiration vulnerability in Admidio that allows attackers to maintain access to user sessions beyond intended...
Mar 19, 2022

Manyfold versions before 0.133.0 are vulnerable to session hijacking due to cookie leakage in proxy caches. This allows attackers to steal user sessio...
Feb 26, 2026

This CVE describes a session fixation vulnerability in Progress Sitefinity CMS where session identifiers are not properly invalidated, allowing attack...
Jan 7, 2025

CVE-2025-4407 is an insufficient session expiration vulnerability in ABB Lite Panel Pro that allows attackers to reuse expired sessions to gain unauth...
Jun 30, 2025

CVE-2025-4677 is an insufficient session expiration vulnerability in ABB WebPro SNMP Card PowerValue devices that allows attackers to reuse expired se...
Jan 7, 2026

About CWE-613
Our database tracks 143 CVEs classified as CWE-613, with 33 rated critical and 63 rated high severity. The average CVSS score for CWE-613 vulnerabilities is 7.5.