16 matches found
CVE-2026-46401 HAX CMS PHP has Insufficient Session Expiration
HAX CMS helps manage a microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...
Apache Airflow code vulnerabilities
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained code vulnerabilities. These vulnerabilities stemmed from the authentication...
PT-2026-38363
Name of the Vulnerable Software and Affected Versions: Katalyst Koi versions prior to 5.6.0; Katalyst Koi versions prior to 4.20.0 Description: Admin session cookies are not invalidated upon logout. This allows an attacker who has obtained a valid admin session cookie—through exposure, caching, or...
CVE-2025-59786
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...
IBM Concert Code Issue Vulnerability
IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. An Access Control Error vulnerability exists in IBM Concert that stems from a failure to disable a session after logging out, which could be exploited ...
PT-2025-50540
Name of the Vulnerable Software and Affected Versions: Meatmeet affected versions not specified Description: The mobile application improperly manages sensitive information stored in memory. A memory dump of the application, following user logout and termination, can reveal Wi-Fi credentials...
CVE-2025-27955
Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code...
Nagios Network Analyzer Code Issue Vulnerability
Nagios Network Analyzer is an enterprise solution for monitoring and analyzing network traffic from Nagios, Inc. A security vulnerability exists in Nagios Network Analyzer version 2024R1.0.3, which stems from a session management flaw that could cause session tokens to be reused even after logout...
CVE-2024-29070
On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout. Mitigation: all users...
PT-2024-25050 · Sap · Sap Businessobjects Business Intelligence Platform
Name of the Vulnerable Software and Affected Versions: SAP Business Objects Business Intelligence Platform affected versions not specified Description: The issue concerns insecure storage where dynamic web pages are cached even after a user logs out. This allows an attacker to potentially view...
PT-2023-31050 · Unknown · Cosmos-Server
Name of the Vulnerable Software and Affected Versions: Cosmos-server versions prior to 0.13.1 Description: The issue arises from the authorization header used for user login remaining valid and not expiring after log out, allowing an attacker to use the token to gain unauthorized access to the...
Elenos ETG150 Security Vulnerability
The Elenos ETG150 is an FM transmitter from Elenos. A security vulnerability exists in the Elenos ETG150 FM Transmitter version v3.12, which stems from an insufficient session expiration time and allows an attacker to arbitrarily change configuration and data after logging out...
CVE-2022-35728
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging...
IBM Financial Transaction Manager Authorization Issues Vulnerability
IBM Financial Transaction Manager for High Value Payments for Multi-Platform (FTM HVP) is a financial transaction manager for multi-platforms from IBM, USA. The product is primarily used to monitor, track and report on financial payments and transactions. An authorization issue vulnerability exists...
UBUNTU-CVE-2019-14826
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session...
CVE-2018-10990
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time e.g., "at least for a few minutes"...