CWE-613
All CWE-613 CVEs (143)
This vulnerability allows remote unauthenticated attackers to reuse expired user sessions through the Single Logout (SLO) API in affected Liferay vers...
Sep 24, 2025

This vulnerability allows attackers to use expired session IDs to maintain unauthorized access to Kanboard instances. It affects all Kanboard users ru...
Dec 19, 2024

An access control vulnerability in Wvp GB28181 Pro 2.0 allows users to maintain access to application data after their accounts (including administrat...
Jun 12, 2024

IBM Security QRadar EDR versions 3.12 through 3.12.23 fail to properly invalidate sessions after expiration, allowing authenticated users to impersona...
Feb 17, 2026

IBM Concert versions 1.0.0 through 2.1.0 fail to properly invalidate user sessions after logout, allowing authenticated users to reuse old session tok...
Feb 4, 2026

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator versions 5.2.0.00 through 5.2.0.12 fails to properly invalidate user sessions when a ...
Jan 20, 2026

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator fails to properly invalidate user sessions after logout, allowing authenticated users...
Jan 20, 2026

IBM InfoSphere Information Server 11.7 fails to properly invalidate user sessions after logout, allowing authenticated users to reuse old session toke...
Apr 23, 2025

IBM Sterling Connect:Direct Web Services versions 6.1.0, 6.2.0, and 6.3.0 fail to properly invalidate user sessions when a browser is closed. This all...
Apr 18, 2025

This vulnerability in JetBrains TeamCity allows access tokens to remain valid after user roles are removed, potentially enabling unauthorized access. ...
Dec 20, 2024

This vulnerability in data.all's AWS Cognito integration allows authentication tokens to remain valid after user logout, enabling continued access to ...
Nov 9, 2024

This CVE describes a session expiration vulnerability in Apache CloudStack's web interface where logout doesn't properly invalidate user sessions. An ...
Oct 16, 2024

IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0 fail to properly invalidate user sessions after logout, allowing an authenticated attacker t...
May 3, 2024

CVE-2024-56413 is an improper session management vulnerability in Acronis Cyber Protect 16 for Windows where user sessions remain active after account...
Jan 2, 2025

This vulnerability in authentik allows expired invitations to remain valid for up to 5 minutes or longer during system backlog, potentially enabling u...
Nov 19, 2025

This vulnerability allows attackers on the same network as a logged-in user to hijack their session and add unauthorized administrative accounts to th...
Nov 18, 2025

This CVE describes an insufficient session expiration vulnerability in Fortinet FortiOS where active SSLVPN sessions are not terminated after a user's...
Dec 9, 2025

A session invalidation vulnerability in Wire webapp allows users who logged out to be automatically logged back in when reopening the application. Thi...
May 22, 2025

IBM Aspera Orchestrator 4.0.1 fails to invalidate user sessions after password changes, allowing authenticated users to maintain access with old crede...
Jul 30, 2024

This vulnerability in Pterodactyl allows users who were actively connected via SFTP to retain file access even after their permissions are revoked. It...
Jan 6, 2026

This vulnerability in django-allauth allows users whose accounts have been deactivated (is_active=False) to continue using previously issued access an...
Dec 15, 2025

This Keycloak vulnerability allows offline sessions to remain valid even after administrators remove the offline_access scope from clients. Attackers ...
Oct 23, 2025

Keycloak sessions created while 'Remember Me' was enabled retain extended lifetimes even after administrators disable this setting at the realm level....
Oct 23, 2025

This vulnerability allows authenticated attackers (local or remote) to maintain access to the AxxonSoft Axxon One Web Admin Panel even after their pri...
Sep 10, 2025

WombatDialer versions before 25.02 incorrectly handle cookie sessions, writing full session identities to system logs. This allows attackers who can a...
Feb 18, 2025

This vulnerability in Checkmk allows attackers to bypass session logout mechanisms, potentially maintaining unauthorized access to monitoring systems....
Mar 26, 2025

Dell PowerScale OneFS versions 9.5.0.x through 9.7.0.x have an insufficient session expiration vulnerability that allows remote unauthenticated attack...
Mar 28, 2024

Open eClass platform versions before 4.2 fail to invalidate active user sessions after password changes, allowing existing session tokens to remain va...
Feb 3, 2026

HCL DevOps Deploy/Launch has a race condition in HTTP session IP binding that may allow brief session reuse from a new IP address before invalidation....
Dec 16, 2025

This CVE describes a race condition vulnerability in IBM UrbanCode Deploy and DevOps Deploy where HTTP session client-IP binding enforcement can be by...
Dec 15, 2025

This vulnerability allows attackers with stolen session tokens to maintain access to PILOS accounts even after users change their passwords. It affect...
Oct 27, 2025

CVE-2025-35433 is an authentication bypass vulnerability in CISA Thorium where previously used tokens remain valid after password resets. This allows ...
Sep 17, 2025

This vulnerability allows authenticated attackers to maintain active sessions even after their user accounts have been disabled or deleted in SINEC IN...
Nov 12, 2024

This vulnerability allows attackers with access to SAML session records to re-open terminated sessions, potentially regaining access to FortiOS SSL VP...
Oct 14, 2025

This vulnerability in HAXcms backends fails to properly terminate user sessions during logout, allowing attackers to maintain access to authenticated ...
Jul 11, 2025

This vulnerability allows attackers who have obtained SSL-VPN session cookies to reuse them even after sessions have expired or been logged out. It af...
Jun 10, 2025

This vulnerability allows authenticated users to access sensitive information from other users' sessions after they have logged out. It affects IBM Cl...
Aug 13, 2024

A session management vulnerability in Nagios Network Analyzer allows attackers to reuse session tokens after users log out, enabling unauthorized acce...
Apr 1, 2025

This vulnerability in Dígitro NGC Explorer allows attackers to remotely trigger session expiration, potentially causing service disruption. It affect...
May 11, 2025

Umbraco CMS has an insufficient session expiration vulnerability where the logout page displays a session timeout message approximately 30 seconds bef...
Oct 22, 2024

HCL AION version 2 has JWT tokens that remain valid for an excessively long time, allowing attackers who obtain these tokens to potentially maintain u...
Jan 19, 2026

This vulnerability allows authenticated attackers to maintain unauthorized access to protected API endpoints in HCL BigFix IVR due to insufficient ses...
Jan 7, 2026

HyperCloud versions 2.3.5 through 2.6.8 have an authentication flaw where refresh tokens can be used directly for resource access instead of just obta...
Feb 20, 2026

About CWE-613
Our database tracks 143 CVEs classified as CWE-613, with 33 rated critical and 63 rated high severity. The average CVSS score for CWE-613 vulnerabilities is 7.5.
External reference: View CWE-613 on MITRE CWE →