Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-384

CWE-384

Session Fixation

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

392 vulnerabilities with CWE-384

CVE-2023-21239 MEDIUM

Google Android - Information Disclosure

CVE-2023-21238 MEDIUM

Google Android - Information Disclosure

CVE-2023-37946 HIGH

Jenkins OpenShift Login Plugin <1.1.0.227.v27e08dfb_1a_20 - Info Di...

CVE-2023-34656 HIGH

Xiamen Si Xin Communication Technology Video <4.1 - Privilege Escal...

CVE-2023-3394 MEDIUM

fossbilling <0.5.1 - Info Disclosure

CVE-2023-34156 MEDIUM

HarmonyOS - DoS

CVE-2023-28809 HIGH

Access Control Product - SSRF

CVE-2023-3192 MEDIUM

froxlor/froxlor <2.1.0 - Info Disclosure

CVE-2023-32997 HIGH

Jenkins CAS Plugin <1.6.2 - Auth Bypass

CVE-2023-31498 CRITICAL

PHP Gurukul Hospital Management System <4.0 - Privilege Escalation

CVE-2023-28316 CRITICAL

Rocket.Chat - Info Disclosure

CVE-2023-30056 HIGH

FICO Origination Manager Decision Module 4.8.1 - Info Disclosure

CVE-2023-1265 MEDIUM

GitLab <15.9.6-15.11.1 - Info Disclosure

CVE-2023-29020 MEDIUM

Fastify Passport - CSRF Bypass

CVE-2023-29019 HIGH

Fastify < - SSRF

CVE-2023-2105 HIGH

alextselegidis/easyappointments <1.5.0 - Info Disclosure

CVE-2023-26260 MEDIUM

OXID eShop <6.4.4-6.5.2 - Info Disclosure

CVE-2023-27490 HIGH

Nextauth.js Next-auth < 4.20.1 - CSRF

CVE-2023-24456 CRITICAL

Jenkins Keycloak Authentication Plugin <2.3.0 - Info Disclosure

CVE-2023-24427 CRITICAL

Jenkins Bitbucket OAuth Plugin <0.12 - Auth Bypass

CVE-2023-24424 HIGH

Jenkins OpenId Connect Authentication Plugin <2.4 - Auth Bypass

CVE-2023-22479 HIGH

KubePi <1.6.3 - Session Fixation

CVE-2022-40916 CRITICAL

Tiny File Manager <2.4.7 - Session Fixation

CVE-2022-46480 HIGH

Ultraloq UL3 2nd Gen Smart Lock <02.27.0012 - Info Disclosure

CVE-2022-3916 MEDIUM

Keycloak - Info Disclosure

Previous Page 6 of 16 Next

Details

Vulnerabilities 392

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy