Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-613

CWE-613

Insufficient Session Expiration

Parent: CWE-672 - Operation on a Resource after Expiration or Release

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

531 vulnerabilities with CWE-613

CVE-2026-27764 HIGH

WebSocket Backend - Session Hijacking

CVE-2026-20748 HIGH

WebSocket Backend - Session Hijacking

CVE-2026-24912 HIGH

WebSocket Backend - Session Hijacking

CVE-2026-21622 CRITICAL

hexpm - Insufficient Session Expiration in Password Reset Token

CVE-2026-28396 MEDIUM

NocoDB < 0.301.3 - Insufficient Session Expiration via Password Reset Flow

CVE-2026-3401 LOW

SourceCodester Pharmacy Mgmt 1.0 - Auth Bypass

CVE-2026-27647 HIGH

WebSocket Backend - Session Hijacking

CVE-2026-26290 HIGH

WebSocket Backend - Session Hijacking

CVE-2026-27652 HIGH

WebSocket Backend - Session Hijacking

CVE-2026-25778 HIGH

WebSocket Backend - Session Hijacking

CVE-2026-25711 HIGH

WebSocket Backend - Session Hijacking

CVE-2026-20895 HIGH

WebSocket Backend - Session Hijacking

CVE-2026-28275 HIGH

Initiative < 0.32.4 - Insufficient Session Expiration via JWT Token Invalidation

CVE-2026-27968 MEDIUM

packistry < 0.13.0 - Improper Authentication via Expired Deploy Token

CVE-2026-27933 MEDIUM

Manyfold < 0.133.0 - Session Hijack via Proxy Cache Cookie Leakage

CVE-2026-27575 CRITICAL

Vikunja < 2.0.0 - Insufficient Session Expiration and Weak Password Enforcement

CVE-2026-25476 HIGH

OpenEMR < 8.0.0 - Insufficient Session Expiration via skip_timeout_reset Parameter

CVE-2026-26342 CRITICAL

Tattile Smart+/Vega/Basic <1.181.5 - Auth Bypass

CVE-2026-1842 MEDIUM

HyperCloud 2.3.5-2.6.8 - Auth Bypass

CVE-2026-1435 CRITICAL

Graylog Web Interface 2.2.3 - Auth Bypass

CVE-2026-24894 HIGH

FrankenPHP <1.11.2 - Info Disclosure

CVE-2026-24669 HIGH

Open eClass <4.2 - Privilege Escalation

CVE-2026-24667 MEDIUM

Open eClass Platform < 4.2 - Insufficient Session Expiration after Password Change

CVE-2026-24472 MEDIUM

Hono < 4.11.7 - Information Disclosure via Cache Middleware

CVE-2025-12624 MEDIUM

Improper Token Invalidation in WSO2 Identity Server Allows Access After Account Lock

Previous Page 3 of 22 Next

Details

Vulnerabilities 531

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy