Weaknesses of type CWE-613
394 results

CVE-2026-9802 | MEDIUM | Keycloak: keycloak: unauthorized account access via replayed refresh tokens after cluster restart | EPSS 0.3%
CVE-2025-50484 | HIGH | Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session h | EPSS 0.3%
CVE-2026-27647 | MEDIUM | Mobility46 mobility46.se Insufficient Session Expiration | EPSS 0.3%
CVE-2025-50487 | HIGH | Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows att | EPSS 0.3%
CVE-2026-30224 | MEDIUM | OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session | EPSS 0.3%
CVE-2025-55705 | HIGH | EVMAPA Insufficient Session Expiration | EPSS 0.3%
CVE-2026-34828 | HIGH | listmonk: Active sessions remain valid after password reset and password change | EPSS 0.3%
CVE-2025-0138 | LOW | Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface | EPSS 0.3%
CVE-2019-3867 | — | A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access t | EPSS 0.3%
CVE-2026-53926 | MEDIUM | NocoDB: OAuth Tokens Persist Through Security Events | EPSS 0.3%
CVE-2026-27764 | MEDIUM | Mobiliti e-mobi.hu Insufficient Session Expiration | EPSS 0.3%
CVE-2026-46656 | HIGH | Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions | EPSS 0.3%
CVE-2024-56351 | MEDIUM | In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles | EPSS 0.3%
CVE-2025-64386 | HIGH | HIJACKING OF THE TOKEN AND GAINING ACCESS | EPSS 0.3%
CVE-2024-36041 | HIGH | KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on | EPSS 0.3%
CVE-2024-32006 | MEDIUM | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the | EPSS 0.3%
CVE-2024-46892 | MEDIUM | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate s | EPSS 0.3%
CVE-2022-38382 | MEDIUM | IBM Cloud Pak for Security session fixation | EPSS 0.3%
CVE-2021-3461 | — | A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider | EPSS 0.3%
CVE-2026-44188 | MEDIUM | Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration | EPSS 0.3%