54 matches found
CVE-2025-15553
Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...
PT-2026-25676
Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...
GO-2026-4623 OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session in github.com/OliveTin/OliveTin
OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session in github.com/OliveTin/OliveTin. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2026-30224 OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...
CVE-2026-30224
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...
CVE-2026-30224 OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...
GHSA-GQ2M-77HF-VWGH OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session
Summary OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year. An attacker with a previously stolen or captured session cookie can continue authenticating...
CVE-2025-59786
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
CVE-2025-36063
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system...
PT-2026-3642
Name of the Vulnerable Software and Affected Versions Hotwired Turbo versions prior to 8.0.0 Description A race condition exists in the turbo-frame element handler. This issue can cause logout operations to fail when delayed frame responses reapply session cookies after a user has logged out...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
Turbo security vulnerabilities
Turbo is a code development tool open source by Hotwire. Versions of Turbo prior to 8.0.x contained security vulnerabilities. These vulnerabilities stemmed from race conditions in the turbo-frame element handler, which could lead to failed logouts and the reapplication of session cookies after a...
CVE-2025-66803
CVE-2025-66803 describes a race condition in the turbo-frame element handler of Hotwired Turbo (pre-8.0.x). The issue can cause logout operations to fail when delayed frame responses reapply session cookies, enabling exploitation by delaying HTTP responses (network delays) or naturally on shared ...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
CVE-2024-2260
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to destroy the target device when the KVM merge MMIO device logout fails, potentially leading to...