CWE-384

Silverstripe silverstripe/framework through 4.10 allows Session Fixation.

TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges.

Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.

DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session.

Session Fixation in GitHub repository filegator/filegator prior to 7.8.0.

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.