Threat Feed

Tag

Session-Fixation

4 briefs RSS
high advisory

CVE-2026-7507: Keycloak Session Fixation Vulnerability in Login Actions Endpoints

A session fixation vulnerability in Keycloak's /login-actions/restart endpoint allows an unauthenticated attacker to hijack a user's session by crafting a malicious link that resets the authentication flow, potentially leading to account takeover.

Keycloak session fixation account takeover cve-2026-7507
high advisory

CVE-2026-41613 - Visual Studio Code Session Fixation Vulnerability

CVE-2026-41613 is a session fixation vulnerability in Visual Studio Code that allows an unauthorized attacker to elevate privileges over a network.

Visual Studio Code session-fixation privilege-escalation vscode
high advisory

OpenCart Session Fixation Vulnerability (CVE-2021-47923)

OpenCart 3.0.3.8 is vulnerable to session fixation (CVE-2021-47923), allowing attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie, leading to unauthorized access.

OpenCart 3.0.3.8 opencart session-fixation CVE-2021-47923 webserver
medium advisory

Chamilo LMS Session Fixation Vulnerability (CVE-2026-31940)

Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 are vulnerable to session fixation due to user-controlled request parameters being used to set the PHP session ID, potentially allowing attackers to hijack user sessions.

session-fixation web-application cve-2026-31940