123 matches found
Payload 代码问题漏洞
Payload is a Headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Payload has a code issue vulnerability that stems from JWT not being invalidated after logout, which could lead to token reuse...
CVE-2025-51306
In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without expiration, due to incorrect session management...
GHSA-7XWP-2CPP-P8R7 File Browser’s insecure JWT handling can lead to session replay attacks after logout
Summary File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. Please refer to the CWE's listed in this report for further reference and system standards. In summary, the main issue is: - Tokens remain valid after logout session replay...
File Browser’s insecure JWT handling can lead to session replay attacks after logout
Summary File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. Please refer to the CWE's listed in this report for further reference and system standards. In summary, the main issue is: - Tokens remain valid after logout session replay...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a post-release reuse issue with firmwareloader on logout...
CVE-2025-31482
FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue...
CVE-2025-31482 FreshRSS vulnerable to DoS by malicious feed entry loading logout URL
FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue...
CVE-2025-31482
CVE-2025-31482 – FreshRSS denial of service via logout . Affected: FreshRSS versions prior to 1.26.2. Vulnerability causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively resulting in denial of service. Root cause details are not elaborated beyond the observe...
CVE-2025-25019
CVE-2025-25019 affects IBM QRadar Suite Software versions 1.10.12.0–1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0–1.10.11.0. The issue stems from a failure to invalidate sessions after logout, enabling an attacker to impersonate another user. IBM’s advisories indicate a remediation path: upgra...
IBM Planning Analytics Local 代码问题漏洞
IBM Planning Analytics Local is a web-based local architecture from International Business Machines IBM. A code issue vulnerability exists in IBM Planning Analytics Local versions 2.0 and 2.1, which stems from a failure to disable a session after logging out, and can be exploited by an attacker t...
CVE-2023-40732
A vulnerability has been identified in QMS Automotive All versions V12.39. The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks...
CVE-2022-43844
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081...
CVE-2021-21308
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2...
CVE-2021-41176
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted...
CVE-2025-48061
CVE-2025-48061 affects the wire-webapp (Wire) web client. A regression in the session invalidation process allowed a user who logged out to be automatically re-authenticated when re-opening the app. This issue is present in versions up to but not including 2025-05-20-production.0; the underlying ...
CVE-2020-5894
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...
CVE-2020-15950
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout...
CVE-2020-23178
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user...
CVE-2019-6584
A vulnerability has been identified in SIEMENS LOGO!8 6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx, SIEMENS LOGO!8 6ED1052-xyy08-0BA0 FS:01 / Firmware version V1.82.02. The integrated webserver does not invalidate the Session ID upon user logout. An attacker that...
PT-2025-20715 · Schweitzer Engineering Laboratories · Sel Blueframe Os
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An issue allows an authenticated user's token to be used by another source after the user has logged out, prior to the token expiring. Recommendations: At the moment, there is no information...