CWE-613
Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
509 vulnerabilities with CWE-613
CVE-2026-27649
HIGH
CTEK Chargeportal Insufficient Session Expiration
CVSS 7.3
CVE-2026-32132
HIGH
ZITADEL <3.4.8/4.12.2 - Auth Bypass
CVSS 7.4
CVE-2026-30224
MEDIUM
OliveTin <3000.11.1 - Auth Bypass
CVSS 5.4
CVE-2026-27764
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-20748
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-24912
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-21622
CRITICAL
hexpm hexpm/hexpm - Auth Bypass
CVSS 9.8
CVE-2026-28396
MEDIUM
NocoDB <0.301.3 - Auth Bypass
CVSS 6.5
CVE-2026-3401
LOW
SourceCodester Pharmacy Mgmt 1.0 - Auth Bypass
CVSS 3.1
CVE-2026-27647
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-26290
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-27652
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-25778
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-25711
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-20895
HIGH
WebSocket Backend - Session Hijacking
CVSS 7.3
CVE-2026-28275
HIGH
Initiative <0.32.4 - Auth Bypass
CVSS 8.1
CVE-2026-27968
MEDIUM
Packistry <0.13.0 - Auth Bypass
CVSS 4.3
CVE-2026-27933
MEDIUM
Manyfold <0.133.0 - Session Hijack
CVSS 6.8
CVE-2026-27575
CRITICAL
Vikunja <2.0.0 - Auth Bypass
CVSS 9.1
CVE-2026-25476
HIGH
OpenEMR <8.0.0 - Auth Bypass
CVSS 7.5
CVE-2026-26342
CRITICAL
Tattile Smart+/Vega/Basic <1.181.5 - Auth Bypass
CVSS 9.8
CVE-2026-1842
MEDIUM
HyperCloud 2.3.5-2.6.8 - Auth Bypass
CVE-2026-1435
CRITICAL
Graylog Web Interface 2.2.3 - Auth Bypass
CVSS 9.8
CVE-2026-24894
HIGH
FrankenPHP <1.11.2 - Info Disclosure
CVSS 7.5
CVE-2026-24669
HIGH
Open eClass <4.2 - Privilege Escalation
CVSS 7.8
Details
Vulnerabilities
509