Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-384

CWE-384

Session Fixation

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

404 vulnerabilities with CWE-384

CVE-2025-0253 LOW

HCL IntelliOps Event Management - Session Fixation via Insecure Cookie Attributes

CVE-2025-0251 LOW

HCL IntelliOps Event Management - Concurrent Session Vulnerability

CVE-2025-36117 MEDIUM

IBM Db2 Mirror for i 7.4-7.6 - Privilege Escalation

CVE-2025-51471 MEDIUM

Ollama 0.6.7 - Cross-Domain Token Exposure via WWW-Authenticate Header Realm

CVE-2025-52689 CRITICAL

Alcatel-Lucent OmniAccess Stellar Products <= 5.0.2 GA - Unauthenticated Session Fixation via Spoofed Login Request

CVE-2025-53895 HIGH

ZITADEL <4.0.0-rc.2, 3.3.2, 2.71.13, 2.70.14 - Privilege Escalation

CVE-2025-53021 MEDIUM

Moodle 3.0.0-3.11.18 - Unauthenticated Session Fixation via sesskey Parameter

CVE-2025-46815 HIGH

ZITADEL < 2.70.10 and 2.71.x < 2.71.9 and 3.0.0-rc.1-3.0.0 - Session Hijacking via IdP Intent Reuse

CVE-2025-45953 CRITICAL

PHPGurukul Hostel Mgt Sys 2.1 - Session Hijacking

CVE-2025-45949 CRITICAL

PHPGurukul User Registration & Login and User Management System V3.3 - Session Hijacking

CVE-2025-42602 HIGH

Meon KYC solutions - Session Fixation via API Token Handling

CVE-2025-28242 CRITICAL

DAEnetIP4 METO v1.25 - Session Hijacking

CVE-2025-28238 CRITICAL

Elber REBLE310 Firmware <5.5.1.R - Session Hijacking

CVE-2025-0126 HIGH

PAN-OS 10.1.0-10.1.14-h11, 10.2.0-10.2.10-h6, 11.0.0-11.0.6, 11.1.0-11.1.5, 11.2.0-11.2.3 SAML Session Fixation

CVE-2025-29928 HIGH

authentik <2024.12.4, <2025.2.3 - Info Disclosure

CVE-2025-26658 MEDIUM

SAP Business One - Privilege Escalation

CVE-2025-27661 CRITICAL

Vasion Print <22.0.843 - Session Fixation

CVE-2025-1412 LOW

Mattermost <9.11.7, <10.4.2 - Privilege Escalation

CVE-2025-22216 MEDIUM

Cloud Foundry UAA 77.20.X-77.20.1 and 77.2X.0-77.24.X - Session Fixation via Zone Validation Bypass

CVE-2025-24503 CRITICAL

Symantec Privileged Access Management 3.4.6-4.1.7 and 4.2.0 - Session Fixation via Crafted Link

CVE-2025-24502 MEDIUM

Broadcom Symantec Privileged Access Management - Improper Session Validation

CVE-2024-13967 HIGH

EIBPORT V3 KNX/GSM <3.9.8 - Unauthorized Access

CVE-2024-49709 MEDIUM

SoftCOM iKSORIS - Session Hijacking

CVE-2024-49344 MEDIUM

IBM OpenPages with Watson <9.0 - Info Disclosure

CVE-2024-42207 MEDIUM

HCL iAutomate - Session Fixation

Previous Page 3 of 17 Next

Details

Vulnerabilities 404

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy