Critical
CVSS: 9.4
This vulnerability allows a successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web server of EIBPORT.
This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9…
Critical
CVSS: 9.1
A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable rem…
Critical
CVSS: 9.8
A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows…
High
CVSS: 8.2
This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of the authentication process. A remote attacker could exploit this vulnerability by intercepting and manipulating th…
Critical
CVSS: 9.8
Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session hijacking attack.
Critical
CVSS: 9.8
Improper session management in Elber REBLE310 Firmware v5.5.1.R, Equipment Model: REBLE310/RX10/4ASI allows attackers to execute a session hijacking attack.
Low
CVSS: 2.3
Internet Starter, one of the SoftCOM iKSORIS system modules, allows setting an arbitrary session cookie value. An attacker with access to a user's browser might set such a cookie, wait until the user logs in, and then use the same cookie to…
High
CVSS: 8.3
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to fi…
High
CVSS: 8.0
authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage (which is a non-default setting), deleting sessions via the Web Interface or the…
Medium
CVSS: 6.8
The Service Layer in SAP Business One allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. Due to the improper session management, the attackers can elevat…
Critical
CVSS: 9.1
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Session Fixation OVE-20230524-0004.
Low
CVSS: 3.1
Mattermost versions 9.11.x
Medium
CVSS: 4.3
IBM OpenPages with Watson 8.3 and 9.0: with the Watson Assistant chat feature enabled, the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.
Critical
CVSS: 9.8
Tiny File Manager v2.4.7 and below is vulnerable to session fixation.
Medium
CVSS: 5.5
HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim's session ID from their authenticated session.
Medium
CVSS: 5.4
A UAA configured with multiple identity zones does not properly validate session information across those zones. A user authenticated against a corporate IDP can re-use their jsessionid to access other zones.
Critical
CVSS: 9.3
A malicious actor can fix the session of a PAM user by tricking the user into clicking a specially crafted link to the PAM server.
Medium
CVSS: 5.3
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address.
High
CVSS: 7.1
Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote attackers to set a session identifier when HSTS is disabled on a victim's browser. After a user logs in, they are authenticated and the session…
Critical
CVSS: 9.8
An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file.