Export limit exceeded: 359259 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359259 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359259 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (584 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56529 | 1 Mailcow | 1 Mailcow | 2026-04-15 | 7.1 High |
| Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote attackers to set a session identifier when HSTS is disabled on a victim's browser. After a user logs in, they are authenticated and the session identifier is valid. Then, a remote attacker can access the victim's web panel with the same session identifier. | ||||
| CVE-2025-28238 | 2026-04-15 | 9.8 Critical | ||
| Improper session management in Elber REBLE310 Firmware v5.5.1.R , Equipment Model: REBLE310/RX10/4ASI allows attackers to execute a session hijacking attack. | ||||
| CVE-2025-4644 | 1 Payloadcms | 1 Payload | 2026-04-15 | N/A |
| A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT), and then delete the account, which did not invalidate the JWT. As a result, the next newly created user would receive the same identifier, allowing the attacker to reuse the JWT to authenticate and perform actions as that user. This issue has been fixed in version 3.44.0 of Payload. | ||||
| CVE-2024-2236 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2026-04-15 | 5.9 Medium |
| A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts. | ||||
| CVE-2025-0306 | 1 Redhat | 2 Enterprise Linux, Storage | 2026-04-15 | 7.4 High |
| A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. | ||||
| CVE-2025-71057 | 1 D-link | 1 Wireless N 300 Adsl2+ Modem Router | 2026-04-15 | 8.2 High |
| Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user. | ||||
| CVE-2025-22216 | 2026-04-15 | 5.4 Medium | ||
| A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones. | ||||
| CVE-2025-12390 | 1 Redhat | 1 Build Keycloak | 2026-04-15 | 6 Medium |
| A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As a result, one user may receive tokens that belong to another user. | ||||
| CVE-2025-24502 | 1 Broadcom | 1 Symantec Privileged Access Management | 2026-04-15 | N/A |
| An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address. | ||||
| CVE-2025-70973 | 1 Scadabr | 1 Scadabr | 2026-04-07 | 4.8 Medium |
| ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result, a session created prior to login becomes authenticated once the victim logs in, allowing an attacker who knows the session ID to hijack an authenticated session. | ||||
| CVE-2023-53776 | 1 Dbbroadcast | 3 Sft Dab 600\/c, Sft Dab 600\/c Firmware, Sft Dab Series | 2026-04-07 | 8.8 High |
| Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform critical operations on the transmitter. | ||||
| CVE-2023-53775 | 1 Dbbroadcast | 3 Sft Dab 600\/c, Sft Dab 600\/c Firmware, Sft Dab Series | 2026-04-07 | 6.5 Medium |
| Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication. | ||||
| CVE-2023-53741 | 1 Dbbroadcast | 11 Sft Dab 015\/c, Sft Dab 015\/c Firmware, Sft Dab 050\/c and 8 more | 2026-04-07 | 8.1 High |
| Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization. | ||||
| CVE-2025-66442 | 2 Arm, Mbed-tls | 4 Mbed Tls, Tf-psa-crypto, Mbedtls and 1 more | 2026-04-07 | 5.1 Medium |
| In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected. | ||||
| CVE-2026-25101 | 1 Bludit | 1 Bludit | 2026-04-03 | 9.8 Critical |
| Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2. | ||||
| CVE-2026-33946 | 2 Lfprojects, Modelcontextprotocol | 2 Mcp Ruby Sdk, Ruby-sdk | 2026-04-02 | 5.9 Medium |
| MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamable_http_transport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's Server-Sent Events (SSE) stream and intercept all real-time data. Version 0.9.2 contains a patch. | ||||
| CVE-2024-7341 | 1 Redhat | 8 Build Keycloak, Build Of Keycloak, Enterprise Linux and 5 more | 2026-04-01 | 7.1 High |
| A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation. | ||||
| CVE-2026-33757 | 1 Openbao | 1 Openbao | 2026-04-01 | 9.6 Critical |
| OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with `callback_mode` set to `direct`. This allows an attacker to start an authentication request and perform "remote phishing" by having the victim visit the URL and automatically log-in to the session of the attacker. Despite being based on the authorization code flow, the `direct` mode calls back directly to the API and allows an attacker to poll for an OpenBao token until it is issued. Version 2.5.2 includes an additional confirmation screen for `direct` type logins that requires manual user interaction in order to finish the authentication. This issue can be worked around either by removing any roles with `callback_mode=direct` or enforcing confirmation for every session on the token issuer side for the Client ID used by OpenBao. | ||||
| CVE-2025-55266 | 2 Hcl, Hcltech | 2 Aftermarket Dpc, Aftermarket Cloud | 2026-03-27 | 5.9 Medium |
| HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf of the user. | ||||
| CVE-2026-33492 | 1 Wwbn | 1 Avideo | 2026-03-25 | 7.3 High |
| WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo's `_session_start()` function accepts arbitrary session IDs via the `PHPSESSID` GET parameter and sets them as the active PHP session. A session regeneration bypass exists for specific blacklisted endpoints when the request originates from the same domain. Combined with the explicitly disabled session regeneration in `User::login()`, this allows a classic session fixation attack where an attacker can fix a victim's session ID before authentication and then hijack the authenticated session. Commit 5647a94d79bf69a972a86653fe02144079948785 contains a patch. | ||||