Weaknesses of type CWE-384

221 results
CVE-2025-52689 [CRITICAL]: Weak Session ID Check in the OmniAccess Stellar Web Management Interface (EPSS 11.0%)
CVE-2021-36394: In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. (EPSS 7.0%)
CVE-2018-5385: Navarino Infinity web interface up to version 2.2 is prone to session fixation attacks (EPSS 4.2%)
CVE-2022-30605 [HIGH]: A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially- (EPSS 4.1%)
CVE-2025-51471 [MEDIUM]: Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and (EPSS 3.8%)
CVE-2018-0229: A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect (EPSS 3.7%)
CVE-2016-9125: Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by (EPSS 2.7%)
CVE-2023-31498 [CRITICAL]: A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code (EPSS 2.1%)
CVE-2019-10158 [MEDIUM]: A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Ses (EPSS 2.0%)
CVE-2018-8852: Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, (EPSS 1.9%)
CVE-2022-38054: Session Fixation (EPSS 1.8%)
CVE-2018-5465: A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Swi (EPSS 1.8%)
CVE-2025-28242 [CRITICAL]: Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session hijacking attack. (EPSS 1.7%)
CVE-2016-8609 [LOW]: It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a (EPSS 1.7%)
CVE-2019-1807 [HIGH]: Cisco Umbrella Dashboard Session Management Vulnerability (EPSS 1.5%)
CVE-2021-42761 [HIGH]: A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3. (EPSS 1.5%)
CVE-2020-10714: A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the (EPSS 1.5%)
CVE-2023-40273 [HIGH]: Session fixation in Apache Airflow web interface (EPSS 1.4%)
CVE-2023-50270 [MEDIUM]: Apache DolphinScheduler: Session do not expire after password change (EPSS 1.3%)
CVE-2019-13517: In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has (EPSS 1.3%)