23 matches found
Improper Session Invalidation
github.com/usememos/memos is vulnerable to improper session invalidation. The vulnerability is due to access tokens not being revoked after a password change, which allows an attacker to retain unauthorized access using previously issued valid tokens...
CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)
Summary Vulnerability: Improper Session Invalidation on Account Deletion Broken Access Control / Logic Flaw - This vulnerability is caused by a backend logic flaw that maintains a false trust assumption that already-authenticated users remain trustworthy, even after their accounts are explicitly...
Improper Session Invalidation
org.keycloak, keycloak-services is vulnerable to Improper session invalidation.The vulnerability is due to offline sessions remaining valid even after the offlineaccess scope is removed from the client, which allows an attacker with an existing offline refresh token to continue requesting new...
Improper Session Invalidation
ethycafides is vulnerable to improper session invalidation. The vulnerability is due to active user sessions not being invalidated after an admin UI password change, which allows an attacker with previously obtained session tokens to maintain unauthorized access even after a password reset...
EUVD-2025-22932
Malicious code in bioql PyPI...
Improper Session Invalidation
payload is vulnerable to Improper Session Invalidation. The vulnerability is due to JSON Web Tokens JWT not being invalidated after logout, which allows an attacker who has stolen or intercepted a token to reuse it until its expiration...
Student Result Management System /srms/change-password.php Component Session Hijacking Vulnerability
Student Result Management System is a student result management system. Student Result Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /srms/change-password.php, no details of the vulnerability are available at this...
Car Washing Management System Session Hijacking Vulnerability
Car Washing Management System is a car wash management system. Car Washing Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /doctor/change-password.php, no details of the vulnerability are provided at this time...
e-Diary Management System Session Hijacking Vulnerability
The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /edms/change-password.php. No details of the vulnerability are available at this time...
CVE-2025-50491
Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack...
CVE-2025-50488
Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack...
CVE-2025-50493
Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack...
CVE-2025-50494
Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack...
CVE-2025-50487
Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute a session hijacking attack...
CVE-2025-50490
Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack...
CVE-2025-50493
Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack...
PHPGurukul Car Washing Management System 安全漏洞
Car Washing Management System is a car wash management system. Car Washing Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /doctor/change-password.php, no details of the vulnerability are provided at this time...
CVE-2025-50489
Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack...
PHPGurukul Bank Locker Management System 安全漏洞
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /banker/change-password.php. No detailed vulnerability details are available at this time...
CVE-2025-50493
Summary: CVE-2025-50493 affects PHPGurukul Doctor Appointment Management System v1. The vulnerability is in the /doctor/change-password.php component where improper session invalidation can lead to a session hijacking attack. Likely impact is high (CVSS v3.1: 7.5, HIGH) with network-based access ...