CWE-613 (不充分的会话过期机制) — Vulnerability Class 296

296 vulnerabilities classified as CWE-613 (不充分的会话过期机制). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-25720	SenseLive X3050 Insufficient session expiration — X3050	5.4	Medium	2026-04-23
CVE-2026-41356	OpenClaw < 2026.3.31 - Incomplete WebSocket Session Termination in device.token.rotate — OpenClaw	5.4	Medium	2026-04-23
CVE-2026-1272	IBM Guardium Data Protection is affected by multiple vulnerabilities — Guardium Data Protection	2.7	Low	2026-04-22
CVE-2026-6515	Insufficient Session Expiration in GitLab — GitLab	5.4	Medium	2026-04-22
CVE-2026-6848	Quay: red hat quay: authentication bypass allows privileged actions without valid credentials — Red Hat Quay 3	5.4	Medium	2026-04-22
CVE-2026-41133	pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass) — pyload	8.8	High	2026-04-21
CVE-2026-40939	DSF: Missing Session Timeout for OIDC Sessions — dsf	9.1^AI	Critical^AI	2026-04-21
CVE-2026-40587	blueprintUE: Active Sessions Are Not Invalidated After Password Change or Reset — blueprintue-self-hosted-edition	6.5	Medium	2026-04-21
CVE-2026-0971	GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout — GoAnywhere MFT	4.3	Medium	2026-04-21
CVE-2025-12624	Improper Token Invalidation in WSO2 Identity Server Allows Access After Account Lock — WSO2 Identity Server	6.0	Medium	2026-04-16
CVE-2026-34454	OAuth2 Proxy: Session cookie not cleared when rendering sign-in page — oauth2-proxy	3.5	Low	2026-04-14
CVE-2026-35594	Vikunja Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade — vikunja	6.5	Medium	2026-04-10
CVE-2025-57735	Apache Airflow: Airflow Logout Not Invalidating JWT — Apache Airflow	9.1^AI	Critical^AI	2026-04-09
CVE-2026-1163	Insufficient Session Expiration in parisneo/lollms — parisneo/lollms	9.1^AI	Critical^AI	2026-04-08
CVE-2026-35462	Papra Does Not Reject Expired API Keys — papra	4.3	Medium	2026-04-07
CVE-2026-5376	runZero Platform session timeout failure — Platform	5.9	Medium	2026-04-07
CVE-2026-34828	listmonk: Active sessions remain valid after password reset and password change — listmonk	7.1	High	2026-04-02
CVE-2025-66483	Multiple vulnerabilities have been addressed in IBM Aspera Shares — Aspera Shares	6.3	Medium	2026-04-01
CVE-2026-34503	OpenClaw < 2026.3.28 - Incomplete WebSocket Session Termination on Device Removal and Token Revocation — OpenClaw	8.1	High	2026-03-31
CVE-2026-26060	Fleet: Password reset tokens remain valid after password change for 24 hours — fleet	7.5	-	2026-03-27
CVE-2026-34362	AVideo's WebSocket Token Never Expires Due to Commented-Out Timeout Validation in verifyTokenSocket() — AVideo	5.4	Medium	2026-03-27
CVE-2025-55264	HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change — Aftermarket DPC	5.5	Medium	2026-03-26
CVE-2025-14810	IBM InfoSphere Information Server is vulnerable due to insufficient session expiration — InfoSphere Information Server	6.3	Medium	2026-03-25
CVE-2026-29092	Kiteworks Email Protection Gateway has an Insufficient Session Expiration — Kiteworks Email Protection Gateway	4.9	Medium	2026-03-25
CVE-2026-33417	Wallos: Password Reset Tokens Never Expire — Wallos	6.5	Medium	2026-03-24
CVE-2026-32663	IGL-Technologies eParking.fi Insufficient Session Expiration — eParking.fi	7.3	High	2026-03-20
CVE-2026-27649	CTEK Chargeportal Insufficient Session Expiration — Chargeportal	7.3	High	2026-03-20
CVE-2025-15553	Insecure Logout Functionality in Truesec LAPSWebUI — LAPSWebUI	7.8^AI	High^AI	2026-03-16
CVE-2025-15552	Long Session Lifetime in Truesec LAPSWebUI — LAPSWebUI	7.8^AI	High^AI	2026-03-16
CVE-2026-32132	ZITADEL: Reactivation of Expired Passkey Registration Codes — zitadel	7.4	High	2026-03-11

Vulnerabilities classified as CWE-613 (不充分的会话过期机制) represent 296 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-613 (不充分的会话过期机制) — Vulnerability Class 296