Vulnerabilities of type CWE-384
221 results

CVE-2018-16495 | — | In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user suc | EPSS 0.9%
CVE-2022-24781 | HIGH | Malicious users can take over the session of other players | EPSS 0.9%
CVE-2021-41246 | MEDIUM | Session fixation in express-openid-connect | EPSS 0.9%
CVE-2022-38628 | MEDIUM | Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-s | EPSS 0.9%
CVE-2021-32710 | MEDIUM | Potential Session Hijacking in Shopware | EPSS 0.9%
CVE-2023-3711 | MEDIUM | Potential Predictable Session ID | EPSS 0.9%
CVE-2022-40630 | MEDIUM | Improper Session Management Vulnerability in Tacitine Firewall | EPSS 0.9%
CVE-2022-22681 | HIGH | Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass s | EPSS 0.9%
CVE-2021-22927 | — | A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow a | EPSS 0.8%
CVE-2024-23679 | CRITICAL | Enonic XP Session Fixation Vulnerability | EPSS 0.8%
CVE-2022-31689 | CRITICAL | VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token ma | EPSS 0.8%
CVE-2020-6302 | MEDIUM | SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. A | EPSS 0.8%
CVE-2022-44007 | HIGH | An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacke | EPSS 0.8%
CVE-2024-7341 | HIGH | Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters | EPSS 0.8%
CVE-2020-5290 | MEDIUM | session fixation in rCTF | EPSS 0.8%
CVE-2023-32997 | HIGH | Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login. | EPSS 0.8%
CVE-2022-24895 | MEDIUM | Symfony vulnerable to Session Fixation of CSRF tokens | EPSS 0.8%
CVE-2022-40916 | CRITICAL | Tiny File Manager v2.4.7 and below is vulnerable to session fixation. | EPSS 0.8%
CVE-2025-55668 | MEDIUM | Apache Tomcat: session fixation via rewrite valve | EPSS 0.8%
CVE-2020-5205 | MEDIUM | Session fixation attack in Pow (Hex package) | EPSS 0.8%