CWE-384
Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
392 vulnerabilities with CWE-384
CVE-2025-56400
HIGH
Tuya Smartlife < 6.5.0 - CSRF
CVSS 8.8
CVE-2025-63224
CRITICAL
Itel DAB Encoder <25aec8d - Auth Bypass
CVSS 10.0
CVE-2025-63216
CRITICAL
Itel DAB Gateway - Auth Bypass
CVSS 10.0
CVE-2025-37159
MEDIUM
AOS-CX OS - Privilege Escalation
CVSS 5.8
CVE-2025-64100
MEDIUM
CKAN <2.10.9, <2.11.4 - Info Disclosure
CVSS 6.1
CVE-2025-12390
MEDIUM
Keycloak - Info Disclosure
CVSS 6.0
CVE-2025-56746
LOW
Creativeitem Academy LMS <=5.13 - Info Disclosure
CVSS 2.2
CVE-2025-10228
HIGH
Rolantis Information Technologies Agentis <4.44 - Info Disclosure
CVSS 8.8
CVE-2025-59841
CRITICAL
Flagforge < 2.3.1 - CSRF
CVSS 9.8
CVE-2025-54761
HIGH
PPress 0.0.9 - Privilege Escalation
CVSS 8.0
CVE-2025-4644
MEDIUM
Payload <3.44.0 - Session Fixation
CVE-2025-55668
MEDIUM
Apache Tomcat <11.0.7, <10.1.41, <9.0.105 - Session Fixation
CVSS 6.5
CVE-2025-8517
MEDIUM
givanz Vvveb <1.0.6.1 - Info Disclosure
CVSS 6.3
CVE-2025-53102
CRITICAL
Discourse <3.4.7-3.5.0.beta.8 - Info Disclosure
CVSS 9.8
CVE-2025-0253
LOW
HCL IEM - Info Disclosure
CVSS 2.0
CVE-2025-0251
LOW
HCL IEM - Info Disclosure
CVSS 2.6
CVE-2025-36117
MEDIUM
IBM Db2 Mirror for i 7.4-7.6 - Privilege Escalation
CVSS 6.3
CVE-2025-51471
MEDIUM
Ollama 0.6.7 - XSS
CVSS 6.9
CVE-2025-52689
CRITICAL
Firmware - Privilege Escalation
CVSS 9.8
CVE-2025-53895
HIGH
ZITADEL <4.0.0-rc.2, 3.3.2, 2.71.13, 2.70.14 - Privilege Escalation
CVSS 8.8
CVE-2025-53021
MEDIUM
Moodle <3.11.18 - Session Fixation
CVSS 4.2
CVE-2025-46815
HIGH
ZITADEL <3.0.0-2.70.10 - DoS
CVSS 8.0
CVE-2025-45953
CRITICAL
PHPGurukul Hostel Mgt Sys 2.1 - Session Hijacking
CVSS 9.1
CVE-2025-45949
CRITICAL
PHPGurukul User Registration & Login and User Management System V3.3 - Session Hijacking
CVSS 9.8
CVE-2025-42602
HIGH
Meon KYC - Auth Bypass
Details
Vulnerabilities
392