Lucene search
+L

23 matches found

veracode
veracode
added 2026/04/15 6:46 a.m.5 views

Improper Session Invalidation

github.com/usememos/memos is vulnerable to improper session invalidation. The vulnerability is due to access tokens not being revoked after a password change, which allows an attacker to retain unauthorized access using previously issued valid tokens...

7.5CVSS5.8AI score0.00278EPSS
Exploits1References5Affected Software1
github
github
added 2026/04/01 10:8 p.m.9 views

CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)

Summary Vulnerability: Improper Session Invalidation on Account Deletion Broken Access Control / Logic Flaw - This vulnerability is caused by a backend logic flaw that maintains a false trust assumption that already-authenticated users remain trustworthy, even after their accounts are explicitly...

8.8CVSS5.8AI score0.00502EPSS
Exploits1References4Affected Software1
veracode
veracode
added 2025/12/13 4:36 a.m.9 views

Improper Session Invalidation

org.keycloak, keycloak-services is vulnerable to Improper session invalidation.The vulnerability is due to offline sessions remaining valid even after the offlineaccess scope is removed from the client, which allows an attacker with an existing offline refresh token to continue requesting new...

5.4CVSS6.6AI score0.00272EPSS
Exploits0References10Affected Software1
veracode
veracode
added 2025/10/14 7:19 a.m.8 views

Improper Session Invalidation

ethycafides is vulnerable to improper session invalidation. The vulnerability is due to active user sessions not being invalidated after an admin UI password change, which allows an attacker with previously obtained session tokens to maintain unauthorized access even after a password reset...

6.3CVSS7AI score0.00275EPSS
Exploits1References5Affected Software1
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-22932

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00404EPSS
Exploits1References3
veracode
veracode
added 2025/09/26 10:12 a.m.7 views

Improper Session Invalidation

payload is vulnerable to Improper Session Invalidation. The vulnerability is due to JSON Web Tokens JWT not being invalidated after logout, which allows an attacker who has stolen or intercepted a token to reuse it until its expiration...

6.3CVSS7AI score0.00484EPSS
Exploits0References5Affected Software3
cnvd
cnvd
added 2025/08/01 12:0 a.m.2 views

Student Result Management System /srms/change-password.php Component Session Hijacking Vulnerability

Student Result Management System is a student result management system. Student Result Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /srms/change-password.php, no details of the vulnerability are available at this...

7.5CVSS6.9AI score0.00479EPSS
Exploits1References1
cnvd
cnvd
added 2025/08/01 12:0 a.m.3 views

Car Washing Management System Session Hijacking Vulnerability

Car Washing Management System is a car wash management system. Car Washing Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /doctor/change-password.php, no details of the vulnerability are provided at this time...

7.5CVSS6.9AI score0.00387EPSS
Exploits1References1
cnvd
cnvd
added 2025/07/30 12:0 a.m.3 views

e-Diary Management System Session Hijacking Vulnerability

The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /edms/change-password.php. No details of the vulnerability are available at this time...

7.5CVSS6.9AI score0.00429EPSS
Exploits0References1
osv
osv
added 2025/07/28 6:15 p.m.4 views

CVE-2025-50491

Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack...

7.1CVSS5.8AI score0.00286EPSS
Exploits0References3
osv
osv
added 2025/07/28 6:15 p.m.26 views

CVE-2025-50488

Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack...

7.1CVSS5.8AI score0.00312EPSS
Exploits1References3
osv
osv
added 2025/07/28 5:15 p.m.6 views

CVE-2025-50493

Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack...

7.5CVSS5.8AI score0.00315EPSS
Exploits0References3
osv
osv
added 2025/07/28 5:15 p.m.5 views

CVE-2025-50494

Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack...

7.5CVSS5.8AI score0.00387EPSS
Exploits1References3
attackerkb
attackerkb
added 2025/07/28 12:0 a.m.4 views

CVE-2025-50487

Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute a session hijacking attack...

7.1CVSS6AI score0.00261EPSS
Exploits1References4
attackerkb
attackerkb
added 2025/07/28 12:0 a.m.3 views

CVE-2025-50490

Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack...

7.5CVSS6AI score0.00404EPSS
Exploits1References4
attackerkb
attackerkb
added 2025/07/28 12:0 a.m.2 views

CVE-2025-50493

Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack...

7.5CVSS6AI score0.00315EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/07/28 12:0 a.m.4 views

PHPGurukul Car Washing Management System 安全漏洞

Car Washing Management System is a car wash management system. Car Washing Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /doctor/change-password.php, no details of the vulnerability are provided at this time...

7.5CVSS6.9AI score0.00387EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2025/07/28 12:0 a.m.2 views

CVE-2025-50489

Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack...

6.7AI score0.00479EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/07/28 12:0 a.m.5 views

PHPGurukul Bank Locker Management System 安全漏洞

Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /banker/change-password.php. No detailed vulnerability details are available at this time...

7.1CVSS6.9AI score0.00286EPSS
Exploits0References4
cve
cve
added 2025/07/28 12:0 a.m.24 views

CVE-2025-50493

Summary: CVE-2025-50493 affects PHPGurukul Doctor Appointment Management System v1. The vulnerability is in the /doctor/change-password.php component where improper session invalidation can lead to a session hijacking attack. Likely impact is high (CVSS v3.1: 7.5, HIGH) with network-based access ...

7.5CVSS6.7AI score0.00315EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder