Fallos del tipo CWE-384
221 resultadosCVE-2022-40293CRITICALSession fixation in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.EPSS 0.6%CVE-2023-34656—An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communication Technology Video management system 3.1 thru 4.1 allows attackerEPSS 0.6%CVE-2022-44788MEDIUMAn issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that isEPSS 0.6%CVE-2023-52268CRITICALThe End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session tEPSS 0.6%CVE-2014-125048MEDIUMkassi xingwall oauth.js session fixiationEPSS 0.6%CVE-2022-2820HIGHSession Fixation in namelessmc/namelessEPSS 0.6%CVE-2024-0351LOWSourceCodester Engineers Online Portal session fixiationEPSS 0.6%CVE-2022-43687MEDIUMConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authenticatEPSS 0.6%CVE-2024-25977HIGHSession FixationEPSS 0.6%CVE-2023-50176HIGHA session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execuEPSS 0.6%CVE-2024-2639MEDIUMBdtask Wholesale Inventory Management System session fixiationEPSS 0.5%CVE-2018-16463—A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access tEPSS 0.5%CVE-2023-27490HIGHMissing proper state, nonce and PKCE checks for OAuth authentication in next-authEPSS 0.5%CVE-2026-41613HIGHVisual Studio Code Elevation of Privilege VulnerabilityEPSS 0.5%CVE-2022-24745MEDIUMGuest session is shared between customers in shopwareEPSS 0.5%CVE-2024-31221MEDIUMClients removed during unpairing process may regain access if Sunshine was not restartedEPSS 0.5%CVE-2023-3394MEDIUMSession Fixation in fossbilling/fossbillingEPSS 0.5%CVE-2023-5309MEDIUMBroken Session Management in Puppet EnterpriseEPSS 0.5%CVE-2024-30262MEDIUMContao's remember-me tokens will not be cleared after a password changeEPSS 0.5%CVE-2022-43398HIGHA vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER MEPSS 0.5%