Vulnerabilities > Insufficient Session Expiration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-29 | CVE-2021-35034 | Insufficient Session Expiration vulnerability in Zyxel Nbg6604 Firmware An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted. | 9.1 |
| 2021-12-08 | CVE-2020-27416 | Insufficient Session Expiration vulnerability in Mahadiscom Mahavitaran 7.50 Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account. | 9.8 |
| 2021-12-02 | CVE-2021-43791 | Insufficient Session Expiration vulnerability in Zulip Zulip is an open source group chat application that combines real-time chat with threaded conversations. | 5.3 |
| 2021-11-30 | CVE-2021-36330 | Insufficient Session Expiration vulnerability in Dell EMC Streaming Data Platform Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. | 9.8 |
| 2021-11-30 | CVE-2021-42545 | Insufficient Session Expiration vulnerability in Business-Dnasolutions Topease An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. | 9.1 |
| 2021-11-16 | CVE-2021-25940 | Insufficient Session Expiration vulnerability in Arangodb In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. | 8.0 |
| 2021-11-16 | CVE-2021-25985 | Insufficient Session Expiration vulnerability in Darwin Factor In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application. | 9.8 |
| 2021-11-08 | CVE-2021-25979 | Insufficient Session Expiration vulnerability in Apostrophecms Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. | 9.8 |
| 2021-11-04 | CVE-2021-41247 | Insufficient Session Expiration vulnerability in Jupyter Jupyterhub JupyterHub is an open source multi-user server for Jupyter notebooks. | 7.5 |
| 2021-11-04 | CVE-2021-34739 | Insufficient Session Expiration vulnerability in Cisco products A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. | 8.1 |