CWE-613
Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
475 vulnerabilities with CWE-613
CVE-2026-30224
MEDIUM
OliveTin <3000.11.1 - Auth Bypass
CVSS 5.4
CVE-2026-27764
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-20748
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-24912
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-21622
hexpm hexpm/hexpm - Auth Bypass
CVE-2025-59786
CRITICAL
2N Access Commander <3.4.2 - Auth Bypass
CVSS 9.8
CVE-2026-28396
MEDIUM
NocoDB <0.301.3 - Auth Bypass
CVSS 6.5
CVE-2026-3401
LOW
SourceCodester Pharmacy Mgmt 1.0 - Auth Bypass
CVSS 3.1
CVE-2026-27647
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-26290
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-27652
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-25778
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-25711
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-20895
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-28275
HIGH
Initiative <0.32.4 - Auth Bypass
CVSS 8.1
CVE-2026-27968
MEDIUM
Packistry <0.13.0 - Auth Bypass
CVSS 4.3
CVE-2026-27933
MEDIUM
Manyfold <0.133.0 - Session Hijack
CVSS 6.8
CVE-2026-27575
CRITICAL
Vikunja <2.0.0 - Auth Bypass
CVSS 9.1
CVE-2026-25476
HIGH
OpenEMR <8.0.0 - Auth Bypass
CVSS 7.5
CVE-2026-26342
CRITICAL
Tattile Smart+/Vega/Basic <1.181.5 - Auth Bypass
CVSS 9.8
CVE-2026-1842
HyperCloud 2.3.5-2.6.8 - Auth Bypass
CVE-2026-1435
CRITICAL
Graylog Web Interface 2.2.3 - Auth Bypass
CVSS 9.8
CVE-2025-36377
MEDIUM
IBM Security QRadar EDR 3.12-3.12.23 - Auth Bypass
CVSS 6.3
CVE-2025-36376
MEDIUM
IBM Security QRadar EDR 3.12-3.12.23 - Auth Bypass
CVSS 6.3
CVE-2025-27898
MEDIUM
IBM DB2 Recovery Expert 5.5 IF002 - Auth Bypass
CVSS 6.3
Details
Vulnerabilities
475