Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-384

CWE-384

Session Fixation

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

404 vulnerabilities with CWE-384

CVE-2025-55266 MEDIUM

HCL Aftermarket DPC is affected by Session Fixation

CVE-2025-70973 MEDIUM

ScadaBR 1.12.4 - Session Fixation via JSESSIONID Cookie

CVE-2025-71057 HIGH

D-Link DSL-124 ME_1.00 - Session Hijacking

CVE-2025-7014 MEDIUM

QR Menu Pro Smart Menu Systems Menu Panel <29012026 - Session Fixation

CVE-2025-7015 MEDIUM

QR Menu <s1.05.12 - Session Fixation

CVE-2025-69602 CRITICAL

AltumCode 66biolinks v62.0.0 - Session Fixation

CVE-2025-68139 MEDIUM

EVerest <2025.12.1 - Info Disclosure

CVE-2025-36115 MEDIUM

IBM Sterling Connect:Express Adapter - Privilege Escalation

CVE-2025-43516 LOW

macOS <26.2-15.7.3-14.8.3 - Info Disclosure

CVE-2025-63529 MEDIUM

Blood Bank Management System 1.0 - Session Fixation

CVE-2025-65681 LOW

Overhang.IO <20.0.2 - Info Disclosure

CVE-2025-56400 HIGH

Tuya Smart and Smartlife - Cross-Site Request Forgery in OAuth Account Linking Flow

CVE-2025-63224 CRITICAL

Itel DAB Encoder <25aec8d - Auth Bypass

CVE-2025-63216 CRITICAL

Itel DAB Gateway Firmware - Authentication Bypass via JWT Token Reuse

CVE-2025-37159 MEDIUM

ArubaOS-CX 10.10.0000-10.10.1169 - Authenticated Session Fixation

CVE-2025-64100 MEDIUM

CKAN <2.10.9, <2.11.4 - Info Disclosure

CVE-2025-12390 MEDIUM

Keycloak < 26.0.0 - Session Fixation via Incomplete Session Cleanup

CVE-2025-56746 LOW

Creativeitem Academy LMS <=5.13 - Info Disclosure

CVE-2025-10228 HIGH

Rolantis Information Technologies Agentis <4.44 - Info Disclosure

CVE-2025-59841 CRITICAL

flagforge 2.2.0-2.3.0 - Insufficient Session Expiration

CVE-2025-54761 HIGH

PPress 0.0.9 - Privilege Escalation

CVE-2025-4644 MEDIUM

Payload CMS < 3.44.0 - Session Fixation via SQLite Adapter Identifier Reuse

CVE-2025-55668 MEDIUM

Apache Tomcat <11.0.7, <10.1.41, <9.0.105 - Session Fixation

CVE-2025-8517 MEDIUM

givanz Vvveb <1.0.6.1 - Info Disclosure

CVE-2025-53102 CRITICAL

Discourse <3.4.7-3.5.0.beta.8 - Info Disclosure

Previous Page 2 of 17 Next

Details

Vulnerabilities 404

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy