CWE-613 (Insufficient Session Expiration) — Vulnerability Class 296

296 vulnerabilities classified as CWE-613 (Insufficient Session Expiration). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-31962 | HCL BigFix IVR is impacted by an insufficient session expiration vulnerability — BigFix IVR | 2.0 | Low | 2026-01-07 |
| CVE-2025-68954 | Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced — panel | 6.5 | - | 2026-01-06 |
| CVE-2021-47740 | KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability — JT3500V | 7.5 | High | 2025-12-31 |
| CVE-2022-50692 | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Insufficient Session Expiration Vulnerability — Impact/Pulse/First | 7.5 | High | 2025-12-30 |
| CVE-2025-62329 | HCL DevOps Deploy / HCL Launch is susceptible to an insufficient session expiration vulnerability — DevOps Deploy / Launch | 5.0 | Medium | 2025-12-16 |
| CVE-2025-36360 | IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expiration vulnerability — UCD - IBM UrbanCode Deploy | 5.0 | Medium | 2025-12-15 |
| CVE-2025-62631 | Fortinet FortiOS code issue vulnerability — FortiOS | 5.3 | Medium | 2025-12-09 |
| CVE-2025-66289 | OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change — orangehrm | 8.8 | - | 2025-11-29 |
| CVE-2025-66223 | OpenObserve's Invite Token Lifecycle Misconfiguration — openobserve | 9.8 | - | 2025-11-29 |
| CVE-2025-53896 | Kiteworks MFT is vulnerable to Insufficient Session Expiration — security-advisories | 7.1 | High | 2025-11-29 |
| CVE-2025-64708 | authentik invitation expiry is delayed by at least 5 minutes — authentik | 5.8 | Medium | 2025-11-19 |
| CVE-2025-55278 | HCL DevOps Loop is susceptible to an improper authentication vulnerability — DevOps Loop | 8.1 | High | 2025-11-05 |
| CVE-2025-64386 | HIJACKING OF THE TOKEN AND GAINING ACCESS — TCPRS1plus | 9.8 | - | 2025-10-31 |
| CVE-2024-13996 | Nagios XI < 2024R1.1.3 Session Not Invalidated After Password Change — XI | 9.8 AI | Critical AI | 2025-10-30 |
| CVE-2025-54547 | On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired — DANZ Monitoring Fabric | 5.3 | Medium | 2025-10-29 |
| CVE-2025-62781 | PILOS is missing session regeneration after password change — PILOS | 5.0 | Medium | 2025-10-27 |
| CVE-2025-12110 | Keycloak: org.keycloak:keycloak-services: user can refresh offline session even after client's offline_access scope was removed — keycloak | 5.4 | Medium | 2025-10-23 |
| CVE-2025-11429 | Keycloak-server: too long and not settings compliant session — keycloak | 5.4 | Medium | 2025-10-23 |
| CVE-2025-3930 | Lack of JWT Expiration after Log Out in Strapi — Strapi | 9.1 AI | Critical AI | 2025-10-16 |
| CVE-2024-33507 | Fortinet FortiIsolator code issue vulnerability — FortiIsolator | 7.0 | High | 2025-10-14 |
| CVE-2025-25252 | Fortinet FortiOS SSL-VPN code issue vulnerability — FortiOS | 4.3 | Medium | 2025-10-14 |
| CVE-2025-62174 | Mastodon allows continued access after password reset via CLI — mastodon | 3.5 | Low | 2025-10-13 |
| CVE-2025-61775 | Vickey's unexpired email confirmation link can be reused to send repeated confirmation emails — Vickey | 5.3 AI | Medium AI | 2025-10-13 |
| CVE-2023-49881 | IBM Transformation Extender Advanced session fixation — Transformation Extender Advanced | 6.3 | Medium | 2025-10-01 |
| CVE-2025-54592 | FreshRSS has Incomplete Session Termination on Logout — FreshRSS | 7.1 AI | High AI | 2025-09-29 |
| CVE-2025-43819 | Liferay Portal and Liferay DXP code issue vulnerability — Portal | 8.2 AI | High AI | 2025-09-24 |
| CVE-2025-59335 | CubeCart Session Not Invalidated After Password Change — v6 | 7.1 | High | 2025-09-22 |
| CVE-2025-35433 | CISA Thorium does not properly invalidate previously used tokens — Thorium | 5.0 | Medium | 2025-09-17 |
| CVE-2025-10223 | Improper Session Cleanup on Role Removal in Web Admin Panel in AxxonSoft Axxon One (C-Werk) — AxxonOne C-Werk | 5.4 | Medium | 2025-09-10 |
| CVE-2025-57766 | Fides's Admin UI User Password Change Does Not Invalidate Current Session — fides | 9.8 AI | Critical AI | 2025-09-08 |

Vulnerabilities classified as CWE-613 (Insufficient Session Expiration) represent 296 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.