Weaknesses of type CWE-613
394 results

CVE | Severity | Title | EPSS
CVE-2022-46177 | MEDIUM | Discourse password reset link can lead to in account takeover if user changes to a new email | 0.7%
CVE-2025-57735 | CRITICAL | Apache Airflow: Airflow Logout Not Invalidating JWT | 0.7%
CVE-2024-0942 | LOW | Totolink N200RE V5 cstecgi.cgi session expiration | 0.7%
CVE-2023-0227 | HIGH | Insufficient Session Expiration in pyload/pyload | 0.7%
CVE-2024-27455 | CRITICAL | In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts | 0.6%
CVE-2021-43791 | MEDIUM | Ineffective expiration validation for invitation links in Zulip | 0.6%
CVE-2025-3930 | MEDIUM | Lack of JWT Expiration after Log Out in Strapi | 0.6%
CVE-2023-31139 | MEDIUM | DHIS2 Core unrestricted session cookies with Personal Access Tokens | 0.6%
CVE-2024-31999 | HIGH | @fastify/secure-session: Reuse of destroyed secure session cookie | 0.6%
CVE-2022-41542 | MEDIUM | devhub 0.102.0 was discovered to contain a broken session control. | 0.6%
CVE-2024-52553 | HIGH | Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login. | 0.6%
CVE-2023-22492 | MEDIUM | RefreshToken invalidation vulnerability | 0.6%
CVE-2022-4070 | LOW | Insufficient Session Expiration in librenms/librenms | 0.6%
CVE-2024-0943 | LOW | Totolink N350RT cstecgi.cgi session expiration | 0.6%
CVE-2020-6292 | MEDIUM | Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session | 0.6%
CVE-2024-25954 | MEDIUM | Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated | 0.6%
CVE-2023-5865 | HIGH | Insufficient Session Expiration in thorsten/phpmyfaq | 0.6%
CVE-2022-35728 | HIGH | iControl REST vulnerability CVE-2022-35728 | 0.6%
CVE-2023-23929 | HIGH | Refresh tokens do not expire in Vantage6 | 0.6%
CVE-2025-24896 | HIGH | Misskey allows token to remain valid in cookie after signing out | 0.6%