14 matches found
EUVD-2025-16186
Malicious code in bioql PyPI...
PT-2025-39418
Name of the Vulnerable Software and Affected Versions Flag Forge versions 2.2.0 through 2.3.0 Description Flag Forge improperly manages session invalidation. After a user logs out, they can still access protected endpoints, such as /api/profile, and CSRF tokens remain valid. This allows continued...
CVE-2025-4643 Lack of JWT Expiration after Log Out in PayloadCMS
Payload uses JSON Web Tokens JWT for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date which is by default set to 2 hours, but can be changed. This issue has been fixed in version 3.44.0 of...
Linux Distros Unpatched Vulnerability : CVE-2018-11406
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x befor...
CVE-2025-27847
In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout...
PT-2024-35171 · Amazon · Amazon Cognito
Name of the Vulnerable Software and Affected Versions: Amazon Cognito affected versions not specified Description: The issue allows previously authenticated users to continue executing authorized API requests until their authentication token expires, even after logging out. This is because...
F5 BIG-IP Next Central Manager 安全漏洞
F5 BIG-IP Next Central Manager is a centralized console from F5 USA. A security vulnerability exists in F5 BIG-IP Next Central Manager that stems from the Central Manager user session refresh token not expiring when a user logs off...
PT-2023-6399 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP affected versions not specified Description: The issue is related to an incorrect session expiration time, allowing an authenticated user's session cookie to remain valid for a limited time after logging out from the BIG-IP Configurati...
DEBIAN-CVE-2022-25896
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed...
CVE-2022-25896
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed...
IceHrm 代码问题漏洞
IceHrm is a human resource management Hrm system. The system includes features such as employee management, leave management and payroll management. A security vulnerability exists in IceHrm 30.0.0 OS, which stems from the fact that logging out from an administrator account does not invalidate an...
UBUNTU-CVE-2020-17489
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visibl...
DEBIAN-CVE-2018-11406
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the...
UBUNTU-CVE-2018-11406
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the...