11 matches found
PT-2026-48541
Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.2 Description Cookies in internal/web/session.go and internal/web/oidc.go are configured with HttpOnly and SameSite=Lax but lack the Secure attribute. This allows a session to be disclosed if a plaintext reque...
Insufficient Session Expiration
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Insufficient Session Expiration via misconfiguration of the CORSMiddleware module and improper session management. An attacker can gain unauthorized access and execute arbitrary code by enticing an...
CVE-2025-59786
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...
EUVD-2025-208279
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...
2N Access Commander 安全漏洞
2N Access Commander is an access control solution provided by 2N Corporation. Versions of 2N Access Commander prior to 3.4.2 contained a security vulnerability. This vulnerability stemmed from improper expiration of session tokens, which could allow multiple session cookies to remain active after...
PT-2026-22933
Name of the Vulnerable Software and Affected Versions 2N Access Commander versions prior to 3.4.2 Description The web application does not properly invalidate session tokens, which allows multiple session cookies to remain active even after a user logs out. This can potentially allow unauthorized...
CVE-2025-11699
nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged endpoints such as /admin even after the legitimate user has logged out, enabling session hijacking...
EUVD-2025-199992
nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged endpoints such as /admin even after the legitimate user has logged out, enabling session hijacking...
PT-2025-39903
Name of the Vulnerable Software and Affected Versions FreshRSS versions 1.26.3 and below Description FreshRSS does not properly end a user session when they log out. The session cookie remains active and can be reused by an attacker to start a new session, potentially leading to session hijacking...
CVE-2020-23178
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user...
Unspecified Vulnerability in Mattermost Mobile Apps
Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps prior to version 1.29.0 iOS, which can be exploited by an attacker to gain access to information because the program does not clear the SSO cookie and local...