Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-384

CWE-384

Session Fixation

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

404 vulnerabilities with CWE-384

CVE-2026-41839 MEDIUM

Spring Framework Escalation via Session Fixation in WebFlux

CVE-2026-11335 MEDIUM

tittuvarghese CollegeManagementSystem login-form.php session_start session fixiation

CVE-2026-33384 MEDIUM

Session Fixation in QuickCMS

CVE-2026-48545 MEDIUM

Gradio < 6.15.0 Cookie Injection via Shared Proxy Client

CVE-2026-43827 MEDIUM

Apache Shiro: Session fixation: new session is not created after login by default

CVE-2026-45773 MEDIUM

Turborepo: Login callback CSRF/session fixation

CVE-2026-41613 HIGH

Visual Studio Code Elevation of Privilege Vulnerability

CVE-2026-30808 HIGH

Pandora FMS 777-800 - Session Fixation via Crafted Session ID

CVE-2026-40010 CRITICAL

Apache Wicket: possible session fixation using AuthenticatedWebSession

CVE-2026-34454 LOW

OAuth2 Proxy: Session cookie not cleared when rendering sign-in page

CVE-2026-31940 HIGH

Session Fixation in Chamilo LMS

CVE-2026-33946 MEDIUM

MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay

CVE-2026-33757 CRITICAL

OpenBao lacks user confirmation for OIDC direct callback mode

CVE-2026-25101 CRITICAL

Session Fixation in Bludit

CVE-2026-33492 HIGH

AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration

CVE-2026-30224 MEDIUM

olivetin < 3000.11.1 - Session Fixation via Incomplete Logout

CVE-2026-24352 CRITICAL

PluXml CMS 5.8.21/5.9.0-rc7 - Session Fixation

CVE-2026-24894 HIGH

FrankenPHP <1.11.2 - Info Disclosure

CVE-2026-2177 HIGH

SourceCodester Prison Management System 1.0 - Session Fixation

CVE-2026-23796 CRITICAL

Quick.Cart <6.7 - Session Hijacking

CVE-2026-23624 MEDIUM

GLPI <10.0.23-11.0.5 - Info Disclosure

CVE-2026-22082 HIGH

Tenda Wireless Router - Auth Bypass

CVE-2025-67446 CRITICAL

Neterbit NW-431F Router <= 20241014-IR03 - Unauthenticated Authentication Bypass via Weak Cookie Value

CVE-2025-65415 MEDIUM

docuFORM Managed Print Service Client 11.11c - Session Fixation

CVE-2025-46605 MEDIUM

Dell PowerProtect Data Domain 8.4-8.5 - Session Fixation

Page 1 of 17 Next

Details

Vulnerabilities 404

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy