CWE-384
Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
392 vulnerabilities with CWE-384
CVE | Severity | Title | CVSS
CVE-2025-28242 | CRITICAL | DAEnetIP4 METO v1.25 - Session Hijacking | 9.8
CVE-2025-28238 | CRITICAL | Elber REBLE310 Firmware <5.5.1.R - Session Hijacking | 9.8
CVE-2025-0126 | HIGH | PAN-OS - Session Fixation |
CVE-2025-29928 | HIGH | authentik <2024.12.4, <2025.2.3 - Info Disclosure | 8.0
CVE-2025-26658 | MEDIUM | SAP Business One - Privilege Escalation | 6.8
CVE-2025-27661 | CRITICAL | Vasion Print <22.0.843 - Session Fixation | 9.1
CVE-2025-1412 | LOW | Mattermost <9.11.7, <10.4.2 - Privilege Escalation | 3.1
CVE-2025-22216 | MEDIUM | UAA - Info Disclosure | 5.4
CVE-2025-24503 | CRITICAL | PAM - Privilege Escalation |
CVE-2025-24502 | MEDIUM | Broadcom Symantec Privileged Access Management - Improper Session Validation |
CVE-2024-13967 | HIGH | EIBPORT V3 KNX/GSM <3.9.8 - Unauthorized Access | 8.8
CVE-2024-49709 | MEDIUM | SoftCOM iKSORIS - Session Hijacking | 4.4
CVE-2024-49344 | MEDIUM | IBM OpenPages with Watson <9.0 - Info Disclosure | 4.3
CVE-2024-42207 | MEDIUM | HCL iAutomate - Session Fixation | 5.5
CVE-2024-56529 | HIGH | Mailcow <2024-11b - Session Fixation | 7.1
CVE-2024-57052 | CRITICAL | youediancms <9.5.20 - Privilege Escalation | 9.8
CVE-2024-42171 | MEDIUM | HCL MyXalytics - Session Fixation | 6.4
CVE-2024-42170 | MEDIUM | HCL MyXalytics - Session Fixation | 6.8
CVE-2024-13279 | CRITICAL | Drupal TFA <1.8.0 - Session Fixation | 9.8
CVE-2024-56733 | MEDIUM | Password Pusher <1.50.3 - Info Disclosure | 5.7
CVE-2024-28144 | MEDIUM | Session Management - SSRF | 5.5
CVE-2024-50339 | MEDIUM | GLPI <10.0.17 - Info Disclosure | 5.3
CVE-2024-11317 | CRITICAL | ABB ASPECT Enterprise and MATRIX Series - Session Fixation | 10.0
CVE-2024-10318 | MEDIUM | NGINX OpenID Connect - Session Fixation | 5.4
CVE-2024-23590 | CRITICAL | Apache Kylin <5.0.0 - Session Fixation | 9.1