Weaknesses of type CWE-384

221 results
CVE-2023-53775 [HIGH] Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness (EPSS 0.4%)
CVE-2022-43529 [MEDIUM] A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to persist (EPSS 0.4%)
CVE-2024-24823 [MEDIUM] graylog2-server Session Fixation vulnerability through cookie injection (EPSS 0.4%)
CVE-2026-43827 [MEDIUM] Apache Shiro: Session fixation: new session is not created after login by default (EPSS 0.4%)
CVE-2024-56529 [HIGH] Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote attackers to set a session identifier when (EPSS 0.4%)
CVE-2023-22479 [HIGH] KubePi vulnerable to session fixation attack (EPSS 0.4%)
CVE-2021-46279 [MEDIUM] Session Fixation and Insufficient Session Expiration (EPSS 0.4%)
CVE-2025-59841 [CRITICAL] FlagForgeCTF's Improper Session Handling Allows Access After Logout (EPSS 0.4%)
CVE-2024-24552 [MEDIUM] Bludit is Vulnerable to Session Fixation (EPSS 0.4%)
CVE-2025-46815 [HIGH] ZITADEL Allows IdP Intent Token Reuse (EPSS 0.4%)
CVE-2023-29020 [MEDIUM] Cross site request forgery token fixation in fastify-passport (EPSS 0.4%)
CVE-2025-4644 [MEDIUM] User Session Fixation after Account Removal in PayloadCMS (EPSS 0.4%)
CVE-2025-45953 [CRITICAL] A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Pass (EPSS 0.4%)
CVE-2026-40010 [CRITICAL] Apache Wicket: possible session fixation using AuthenticatedWebSession (EPSS 0.4%)
CVE-2018-0359 A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could (EPSS 0.4%)
CVE-2023-34156 Vulnerability of services denied by early fingerprint APIs on HarmonyOS products. Successful exploitation of this vulnerability may cause ser (EPSS 0.4%)
CVE-2023-38018 [MEDIUM] IBM Aspera Shares session fixation (EPSS 0.4%)
CVE-2026-23624 [MEDIUM] GLPI is vulnerable to session stealing on externally authenticated user change (EPSS 0.4%)
CVE-2023-38002 [MEDIUM] IBM Storage Scale session fixation (EPSS 0.4%)
CVE-2026-33757 [CRITICAL] OpenBao lacks user confirmation for OIDC direct callback mode (EPSS 0.4%)