Lucene search
K

11 matches found

Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.11 views

PT-2026-48541

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.2 Description Cookies in internal/web/session.go and internal/web/oidc.go are configured with HttpOnly and SameSite=Lax but lack the Secure attribute. This allows a session to be disclosed if a plaintext reque...

8.2CVSS5.9AI score0.00031EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/11 2:2 p.m.12 views

Insufficient Session Expiration

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Insufficient Session Expiration via misconfiguration of the CORSMiddleware module and improper session management. An attacker can gain unauthorized access and execute arbitrary code by enticing an...

8.9CVSS6.2AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/05 7:31 p.m.5 views

CVE-2025-59786

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...

9.8CVSS5.9AI score0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/04 6:31 p.m.4 views

EUVD-2025-208279

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...

6CVSS5.9AI score0.00254EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.8 views

2N Access Commander 安全漏洞

2N Access Commander is an access control solution provided by 2N Corporation. Versions of 2N Access Commander prior to 3.4.2 contained a security vulnerability. This vulnerability stemmed from improper expiration of session tokens, which could allow multiple session cookies to remain active after...

9.8CVSS5.8AI score0.00254EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.7 views

PT-2026-22933

Name of the Vulnerable Software and Affected Versions 2N Access Commander versions prior to 3.4.2 Description The web application does not properly invalidate session tokens, which allows multiple session cookies to remain active even after a user logs out. This can potentially allow unauthorized...

9.8CVSS5.9AI score0.00254EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/12/02 3:21 p.m.4 views

CVE-2025-11699

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged endpoints such as /admin even after the legitimate user has logged out, enabling session hijacking...

7.1CVSS6.5AI score0.00412EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/01 6:30 p.m.5 views

EUVD-2025-199992

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged endpoints such as /admin even after the legitimate user has logged out, enabling session hijacking...

7.1CVSS6.3AI score0.00412EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.4 views

PT-2025-39903

Name of the Vulnerable Software and Affected Versions FreshRSS versions 1.26.3 and below Description FreshRSS does not properly end a user session when they log out. The session cookie remains active and can be reused by an attacker to start a new session, potentially leading to session hijacking...

9.8CVSS6.7AI score0.00495EPSS
Exploits1References8
OSV
OSV
added 2021/07/02 6:15 p.m.4 views

CVE-2020-23178

An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user...

5.4CVSS6.1AI score0.00524EPSS
Exploits1References1
CNVD
CNVD
added 2020/06/22 12:0 a.m.4 views

Unspecified Vulnerability in Mattermost Mobile Apps

Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps prior to version 1.29.0 iOS, which can be exploited by an attacker to gain access to information because the program does not clear the SSO cookie and local...

7.5CVSS6.5AI score0.0112EPSS
Exploits0References1
Rows per page
Query Builder