CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie.