Flaws of type CWE-384

221 results
CVE-2021-3740 [MEDIUM] Session Fixation in chatwoot/chatwoot (EPSS 0.2%)
CVE-2026-41839 [MEDIUM] Spring Framework Escalation via Session Fixation in WebFlux (EPSS 0.2%)
CVE-2023-50920 [MEDIUM] An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers (EPSS 0.2%)
CVE-2025-65681 [LOW] An issue was discovered in Overhang.IO (tutor-open-edx) (overhangio/tutor) 20.0.2 allowing local unauthorized attackers to gain access to se (EPSS 0.2%)
CVE-2025-36117 [MEDIUM] IBM Db2 Mirror for i session fixation (EPSS 0.2%)
CVE-2026-34454 [LOW] OAuth2 Proxy: Session cookie not cleared when rendering sign-in page (EPSS 0.2%)
CVE-2025-22216 [MEDIUM] CVE-2025-22216 UAA Missing Zone Validation (EPSS 0.2%)
CVE-2024-49709 [LOW] XSS in iKSORIS (EPSS 0.2%)
CVE-2023-21238 In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local inform (EPSS 0.2%)
CVE-2025-56746 [LOW] Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation (EPSS 0.2%)
CVE-2026-33384 [MEDIUM] Session Fixation in QuickCMS (EPSS 0.2%)
CVE-2025-71057 [HIGH] Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a session hijacking att (EPSS 0.1%)
CVE-2025-43516 [LOW] A session management issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe (EPSS 0.1%)
CVE-2025-68139 [MEDIUM] In EVerest, by default, the EV is responsible for closing the connection if the module encounters an error during request processing (EPSS 0.1%)
CVE-2023-24477 [MEDIUM] Session Fixation in Guardian/CMC before 22.6.2 (EPSS 0.1%)
CVE-2025-56400 [HIGH] Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smar (EPSS 0.1%)
CVE-2025-36115 [MEDIUM] Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX. (EPSS 0.1%)
CVE-2025-12390 [MEDIUM] Org.keycloak.protocol.oidc.endpoints.logoutendpoint: offline session takeover due to reused authentication session id (EPSS 0.1%)
CVE-2026-45773 [MEDIUM] Turborepo: Login callback CSRF/session fixation (EPSS 0.1%)
CVE-2026-53900 [MEDIUM] Cookie injection was possible when opening a PDF link (EPSS 0.1%)