CWE-384 (Session Fixation) — Vulnerability Class 145

145 vulnerabilities classified as CWE-384 (Session Fixation). AI Chinese analysis included.

CVE ID | Title | CVSS | Severity | Date
CVE-2023-27490 | Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth — next-auth | 8.1 | High | 2023-03-09
CVE-2021-36394 | Moodle code injection vulnerability — Moodle | 9.8 | - | 2023-03-06
CVE-2021-42761 | Fortinet FortiWeb authorization issue vulnerability — FortiWeb | 8.5 | Critical | 2023-02-16
CVE-2022-24895 | Symfony vulnerable to Session Fixation of CSRF tokens — symfony | 6.3 | Medium | 2023-02-03
CVE-2023-22479 | KubePi vulnerable to session fixation attack — KubePi | 7.5 | High | 2023-01-10
CVE-2014-125048 | kassi xingwall oauth.js session fixiation — xingwall | 6.3 | Medium | 2023-01-06
CVE-2022-4231 | Tribal Systems Zenario CMS Remember Me session fixiation — Zenario CMS | 4.2 | Medium | 2022-11-30
CVE-2022-43398 | Siemens Power Meter Sicam Q100 authorization issue vulnerability — POWER METER SICAM Q100 | 7.5 | High | 2022-11-08
CVE-2022-40293 | Session fixation in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. — PHP Point of Sale | 8.1 | - | 2022-10-31
CVE-2021-46279 | Session Fixation and Insufficient Session Expiration — IAC-AST2500A | 5.8 | Medium | 2022-10-24
CVE-2022-40226 | Multiple Siemens products authorization issue vulnerability — SICAM P850 | 7.5 | High | 2022-10-11
CVE-2022-40630 | Improper Session Management Vulnerability in Tacitine Firewall — Firewall | 6.5 | Medium | 2022-09-23
CVE-2022-3269 | Session Fixation in ikus060/rdiffweb — ikus060/rdiffweb | 8.8 | - | 2022-09-23
CVE-2022-38054 | Session Fixation — Apache Airflow | 9.8 | - | 2022-09-02
CVE-2022-2997 | Session Fixation in snipe/snipe-it — snipe/snipe-it | 7.6 | - | 2022-08-25
CVE-2022-30605 | WWBN AVideo authorization issue vulnerability — AVideo | 8.8 | - | 2022-08-22
CVE-2022-2820 | Session Fixation in namelessmc/nameless — namelessmc/nameless | 7.0 | High | 2022-08-15
CVE-2022-33927 | Dell Wyse Management Suite authorization issue vulnerability — Wyse Management Suite | 5.4 | Medium | 2022-08-10
CVE-2022-22681 | Synology Photo Station authorization issue vulnerability — Photo Station | 8.1 | High | 2022-07-06
CVE-2022-1849 | Session Fixation in filegator/filegator — filegator/filegator | 6.3 | - | 2022-05-24
CVE-2020-25152 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus — SpaceCom | 6.5 | Medium | 2022-04-14
CVE-2022-24781 | Malicious users can take over the session of other players — Geon | 7.1 | High | 2022-03-24
CVE-2022-24745 | Guest session is shared between customers in shopware — platform | 4.8 | Medium | 2022-03-09
CVE-2021-41246 | Session fixation in express-openid-connect — express-openid-connect | 4.6 | Medium | 2021-12-09
CVE-2021-41268 | Cookie persistence in Symfony — symfony | 6.5 | Medium | 2021-11-24
CVE-2021-22927 | Citrix Application Delivery Controller authorization issue vulnerability — Citrix ADC, Citrix Gateway | 8.1 | - | 2021-08-05
CVE-2021-32710 | Potential Session Hijacking in Shopware — platform | 5.9 | Medium | 2021-06-24
CVE-2010-1434 | Joomla authorization issue vulnerability — Joomla | 7.5 | - | 2021-06-21
CVE-2021-32676 | Session Fixation in Nextcloud Talk — security-advisories | 6.5 | Medium | 2021-06-16
CVE-2018-16495 | Versa VOS authorization issue vulnerability — Versa VOS | 8.8 | - | 2021-05-26

145 CVEs are classified as CWE-384 (Session Fixation). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.