CWE-613 flaws
394 results

CVE-2026-24669 [HIGH] Open eClass Insecure Password Reset Token Reuse Enables Account Takeover (EPSS 0.2%)
CVE-2025-52661 [LOW] HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulti (EPSS 0.1%)
CVE-2020-4914 [MEDIUM] IBM Cloud Pak System Software Suite session fixation (EPSS 0.1%)
CVE-2025-36063 [MEDIUM] Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX. (EPSS 0.1%)
CVE-2023-40732 [LOW] A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not in (EPSS 0.1%)
CVE-2026-44873 [MEDIUM] Insufficient Session Invalidation on User Account Deactivation in AOS-8 Operating System (EPSS 0.1%)
CVE-2025-65430 [MEDIUM] An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user wh (EPSS 0.1%)
CVE-2026-24667 [MEDIUM] Open eClass's Active Sessions Not Invalidated After Password Change Allow Persistent Account Access (EPSS 0.1%)
CVE-2025-46741 [MEDIUM] Improper Privilege Management (EPSS 0.1%)
CVE-2025-48061 [MEDIUM] wire-webapp Has Insufficient Session Invalidation after User Logout (EPSS 0.1%)
CVE-2025-55264 [MEDIUM] HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change (EPSS 0.1%)
CVE-2025-15552 [MEDIUM] Long Session Lifetime in Truesec LAPSWebUI (EPSS 0.1%)
CVE-2025-15553 [MEDIUM] Insecure Logout Functionality in Truesec LAPSWebUI (EPSS 0.1%)
CVE-2025-54547 [MEDIUM] On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired (EPSS 0.1%)