20 matches found
Improper Session Invalidation
github.com/usememos/memos is vulnerable to improper session invalidation. The vulnerability is due to access tokens not being revoked after a password change, which allows an attacker to retain unauthorized access using previously issued valid tokens...
CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)
Summary Vulnerability: Improper Session Invalidation on Account Deletion Broken Access Control / Logic Flaw - This vulnerability is caused by a backend logic flaw that maintains a false trust assumption that already-authenticated users remain trustworthy, even after their accounts are explicitly...
Improper Session Invalidation
org.keycloak, keycloak-services is vulnerable to improper session invalidation. The vulnerability is due to offline sessions remaining valid even after the offline_access scope is removed from the client, which allows an attacker with an existing offline refresh token to continue requesting new...
Improper Session Invalidation
ethycafides is vulnerable to improper session invalidation. The vulnerability is due to active user sessions not being invalidated after an admin UI password change, which allows an attacker with previously obtained session tokens to maintain unauthorized access even after a password reset...
EUVD-2025-22932
Malicious code in bioql PyPI...
Improper Session Invalidation
payload is vulnerable to improper session invalidation. The vulnerability is due to JSON Web Tokens (JWT) not being invalidated after logout, which allows an attacker who has stolen or intercepted a token to reuse it until its expiration...
Student Result Management System /srms/change-password.php Component Session Hijacking Vulnerability
Student Result Management System is a student result management system. Student Result Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /srms/change-password.php. No details of the vulnerability are available at this...
Car Washing Management System Session Hijacking Vulnerability
Car Washing Management System is a car wash management system. Car Washing Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /doctor/change-password.php. No details of the vulnerability are provided at this time...
e-Diary Management System Session Hijacking Vulnerability
The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /edms/change-password.php. No details of the vulnerability are available at this time...
CVE-2025-50491
Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack...
CVE-2025-50488
Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack...
CVE-2025-50493
Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack...
CVE-2025-50494
Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack...
CVE-2025-50489
Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack...
PHPGurukul Bank Locker Management System Security Vulnerability
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /banker/change-password.php. No vulnerability details are available at this time...
PHPGurukul Car Washing Management System Security Vulnerability
Car Washing Management System is a car wash management system. Car Washing Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /doctor/change-password.php. No details of the vulnerability are provided at this time...
CVE-2025-50493
Summary: CVE-2025-50493 affects PHPGurukul Doctor Appointment Management System v1. The vulnerability is in the /doctor/change-password.php component where improper session invalidation can lead to a session hijacking attack. Likely impact is high (CVSS v3.1: 7.5, HIGH) with network-based access ...
CVE-2025-28059
CVE-2025-28059 affects Nagios Network Analyzer 2024R1.0.3. Root cause: improper session invalidation and stale token handling after user deletion, causing active sessions and API tokens to remain valid and grant access to restricted functions. Impact: unauthorized access to system resources. Expl...
Security Bulletin: IBM MQ Appliance is vulnerable to improper session invalidation (CVE-2022-40230)
Summary: IBM MQ Appliance has resolved an improper session validation vulnerability. Vulnerability Details: CVEID: CVE-2022-40230. DESCRIPTION: IBM MQ Appliance does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. CVSS Base score:...
Multiple Vulnerabilities in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Scripting, Insecure Unserialize, Improper...