Lucene search
K

123 matches found

CNNVD
CNNVD
added 2025/08/29 12:0 a.m.15 views

Payload 代码问题漏洞

Payload is a Headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Payload has a code issue vulnerability that stems from JWT not being invalidated after logout, which could lead to token reuse...

6.3CVSS6.7AI score0.00484EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/06 12:0 a.m.4 views

CVE-2025-51306

In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without expiration, due to incorrect session management...

6.5AI score0.00372EPSS
Exploits1References4
OSV
OSV
added 2025/07/16 2:9 p.m.5 views

GHSA-7XWP-2CPP-P8R7 File Browser’s insecure JWT handling can lead to session replay attacks after logout

Summary File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. Please refer to the CWE's listed in this report for further reference and system standards. In summary, the main issue is: - Tokens remain valid after logout session replay...

8.7CVSS6.4AI score0.00498EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/07/16 2:9 p.m.5 views

File Browser’s insecure JWT handling can lead to session replay attacks after logout

Summary File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. Please refer to the CWE's listed in this report for further reference and system standards. In summary, the main issue is: - Tokens remain valid after logout session replay...

9.8CVSS6.5AI score0.00498EPSS
Exploits1References4Affected Software2
CNNVD
CNNVD
added 2025/06/18 12:0 a.m.6 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a post-release reuse issue with firmwareloader on logout...

7.8CVSS6.1AI score0.00211EPSS
Exploits0References3
NVD
NVD
added 2025/06/04 8:15 p.m.13 views

CVE-2025-31482

FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue...

4.3CVSS0.00156EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/06/04 7:50 p.m.13 views

CVE-2025-31482 FreshRSS vulnerable to DoS by malicious feed entry loading logout URL

FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue...

4.3CVSS7AI score0.00156EPSS
Exploits1References1
CVE
CVE
added 2025/06/04 7:50 p.m.52 views

CVE-2025-31482

CVE-2025-31482 – FreshRSS denial of service via logout . Affected: FreshRSS versions prior to 1.26.2. Vulnerability causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively resulting in denial of service. Root cause details are not elaborated beyond the observe...

4.3CVSS6.8AI score0.00156EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/06/03 3:14 p.m.65 views

CVE-2025-25019

CVE-2025-25019 affects IBM QRadar Suite Software versions 1.10.12.0–1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0–1.10.11.0. The issue stems from a failure to invalidate sessions after logout, enabling an attacker to impersonate another user. IBM’s advisories indicate a remediation path: upgra...

6.5CVSS5AI score0.00218EPSS
Exploits0References1Affected Software2
CNNVD
CNNVD
added 2025/06/01 12:0 a.m.5 views

IBM Planning Analytics Local 代码问题漏洞

IBM Planning Analytics Local is a web-based local architecture from International Business Machines IBM. A code issue vulnerability exists in IBM Planning Analytics Local versions 2.0 and 2.1, which stems from a failure to disable a session after logging out, and can be exploited by an attacker t...

8.8CVSS6.6AI score0.00212EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 4:14 a.m.6 views

CVE-2023-40732

A vulnerability has been identified in QMS Automotive All versions V12.39. The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks...

3.9CVSS6.7AI score0.00144EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:24 a.m.8 views

CVE-2022-43844

IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081...

8.8CVSS6.5AI score0.00687EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:9 p.m.6 views

CVE-2021-21308

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2...

9.1CVSS6.7AI score0.01049EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:46 p.m.8 views

CVE-2021-41176

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted...

4.3CVSS6.7AI score0.00503EPSS
Exploits0
CVE
CVE
added 2025/05/22 5:4 p.m.51 views

CVE-2025-48061

CVE-2025-48061 affects the wire-webapp (Wire) web client. A regression in the session invalidation process allowed a user who logged out to be automatically re-authenticated when re-opening the app. This issue is present in versions up to but not including 2025-05-20-production.0; the underlying ...

5.6CVSS5.6AI score0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:44 p.m.5 views

CVE-2020-5894

On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...

8.1CVSS7AI score0.01019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:1 p.m.6 views

CVE-2020-15950

Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout...

8.8CVSS7AI score0.01298EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:50 p.m.6 views

CVE-2020-23178

An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user...

5.5CVSS6.8AI score0.00524EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:46 a.m.19 views

CVE-2019-6584

A vulnerability has been identified in SIEMENS LOGO!8 6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx, SIEMENS LOGO!8 6ED1052-xyy08-0BA0 FS:01 / Firmware version V1.82.02. The integrated webserver does not invalidate the Session ID upon user logout. An attacker that...

8.8CVSS6.6AI score0.0127EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/12 12:0 a.m.7 views

PT-2025-20715 · Schweitzer Engineering Laboratories · Sel Blueframe Os

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An issue allows an authenticated user's token to be used by another source after the user has logged out, prior to the token expiring. Recommendations: At the moment, there is no information...

6.3CVSS6AI score0.00143EPSS
Exploits0References5
Rows per page
Query Builder