CWE-384 (Session Fixation) — Vulnerability Class 145

145 vulnerabilities classified as CWE-384 (Session Fixation). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2025-46605 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability — PowerProtect Data Domain | 6.2 | Medium | 2026-04-17 |
| CVE-2026-31940 | Session Fixation in Chamilo LMS — chamilo-lms | 7.5 | High | 2026-04-10 |
| CVE-2026-33946 | MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay — ruby-sdk | 8.2 | - | 2026-03-27 |
| CVE-2026-33757 | OpenBao lacks user confirmation for OIDC direct callback mode — openbao | 9.6 | Critical | 2026-03-27 |
| CVE-2026-25101 | Session Fixation in Bludit — Bludit | 9.1 | - | 2026-03-27 |
| CVE-2025-55266 | HCL Aftermarket DPC is affected by Session Fixation — Aftermarket DPC | 5.9 | Medium | 2026-03-26 |
| CVE-2026-33492 | AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration — AVideo | 7.3 | High | 2026-03-23 |
| CVE-2026-30224 | OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session — OliveTin | 5.4 | Medium | 2026-03-06 |
| CVE-2026-24352 | Session Fixation in PluXml CMS — PluXml CMS | 8.2 | - | 2026-02-27 |
| CVE-2026-2177 | SourceCodester Prison Management System Login session fixation — Prison Management System | 7.3 | High | 2026-02-08 |
| CVE-2026-23796 | Session Fixation in Quick.Cart — Quick.Cart | 8.1 (AI) | High (AI) | 2026-02-05 |
| CVE-2026-23624 | GLPI is vulnerable to session stealing on externally authenticated user change — glpi | 4.3 | Medium | 2026-02-04 |
| CVE-2025-7014 | Session Hijacking in QRMenumPro's Menu Panel — Menu Panel | 5.7 | Medium | 2026-01-29 |
| CVE-2025-7015 | Session Hijacking in Akinsoft's QR Menu — QR Menu | 5.7 | Medium | 2026-01-29 |
| CVE-2025-68139 | In EVerest, by default, the EV is responsible for closing the connection if the module encounters an error during request processing — everest-core | 4.3 | Medium | 2026-01-21 |
| CVE-2025-36115 | Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX. — Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 | 6.3 | Medium | 2026-01-20 |
| CVE-2026-22082 | Insecure Session ID Management Vulnerability in Tenda Wireless Routers — 300Mbps Wireless Router F3 and N300 Easy Setup Router | 7.4 | - | 2026-01-09 |
| CVE-2020-36913 | All-Dynamics Software enlogic:show 2.0.2 Session Fixation Authentication Bypass — enlogic:show Digital Signage System | 5.3 | Medium | 2026-01-06 |
| CVE-2023-53776 | Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness — Screen SFT DAB Series - Compact Radio DAB Transmitter | 9.8 (AI) | Critical (AI) | 2025-12-10 |
| CVE-2023-53775 | Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness — Screen SFT DAB Series - Compact Radio DAB Transmitter | 9.1 (AI) | Critical (AI) | 2025-12-10 |
| CVE-2023-53741 | Screen SFT DAB 1.9.3 Authentication Bypass via IP Session Management — Screen SFT DAB Series - Compact Radio DAB Transmitter | 7.5 (AI) | High (AI) | 2025-12-10 |
| CVE-2025-64100 | CKAN Vulnerable to Session Cookie Fixation — ckan | 6.1 | Medium | 2025-10-29 |
| CVE-2025-12390 | Org.keycloak.protocol.oidc.endpoints.logoutendpoint: offline session takeover due to reused authentication session id — keycloak | 6.0 | Medium | 2025-10-28 |
| CVE-2025-10228 | Session Hijacking in Rolantis Information Technologies' Agentis — Agentis | 8.8 | High | 2025-10-14 |
| CVE-2025-59841 | FlagForgeCTF's Improper Session Handling Allows Access After Logout — flagForge | 9.8 | Critical | 2025-09-25 |
| CVE-2025-4644 | User Session Fixation after Account Removal in PayloadCMS — Payload | 8.8 | - | 2025-08-29 |
| CVE-2025-55668 | Apache Tomcat: session fixation via rewrite valve — Apache Tomcat | 9.8 | - | 2025-08-13 |
| CVE-2025-8517 | givanz Vvveb session fixation — Vvveb | 6.3 | Medium | 2025-08-04 |
| CVE-2025-53102 | Discourse's WebAuthn challenge isn't cleared from user session after authentication — discourse | 8.2 (AI) | High (AI) | 2025-07-29 |
| CVE-2025-0253 | HCL IEM is affected by a cookie attribute not set vulnerability — IEM | 2.0 | Low | 2025-07-25 |

There are 145 CVEs classified as CWE-384 (Session Fixation). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.