Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through improper handling of the Logout. An attacker can maintain unauthorized access by replaying a previously captured session cookie after a user logs out. Remediation Upgrade...
CVE-2025-36063
The vulnerability CVE-2025-36063 affects IBM Sterling Connect:Express Adapter for Sterling B2B Integrator, version 5.2.0.00–5.2.0.12. The root cause is that the adapter does not invalidate the user session after logout, potentially allowing an authenticated user to impersonate another user in the...
Hitron HI3120 Security Vulnerability
Hitron HI3120 is a cable modem from Hitron Corporation of Taiwan, China. A security vulnerability exists in Hitron HI3120 version 7.2.4.5.2b1, which stems from improper handling of the Logout option and could lead to the disclosure of sensitive information...
PT-2025-48449
Name of the Vulnerable Software and Affected Versions nopCommerce versions prior to 4.80.3 Description The software does not invalidate session cookies after logout or session termination. This allows an attacker with a valid session cookie to access privileged endpoints, such as '/admin', even...
EUVD-2014-5988
Malware in sbrugna...
EUVD-2025-24832
Malicious code in bioql PyPI...
CVE-2025-55162
A flaw was found in Envoy. A session management flaw was discovered in how Envoy's OAuth2 filter handles user logouts. This could allow a user's session to remain active even after they have logged out, creating a risk of account hijacking on a shared computer. Mitigation Mitigation for this issu...
GHSA-5V66-M237-HWF7 Payload does not invalidate JWTs after log out
Payload uses JSON Web Tokens (JWT) for authentication. After logout, the JWT is not invalidated, which allows an attacker who has stolen or intercepted a token to freely reuse it until its expiration date, which is set to 2 hours by default but can be changed. This issue has been fixed in version 3.44.0 of...
CVE-2025-4643
Payload uses JSON Web Tokens (JWT) for authentication. After logout, the JWT is not invalidated, which allows an attacker who has stolen or intercepted a token to freely reuse it until its expiration date, which is set to 2 hours by default but can be changed. This issue has been fixed in version 3.44.0 of...
PT-2025-35200
Name of the Vulnerable Software and Affected Versions: Payload versions prior to 3.44.0 Description: Payload utilizes JSON Web Tokens (JWT) for authentication. Following a user logout, the JWT is not invalidated, enabling an attacker who has obtained a valid token (through theft or interception) to...
PT-2024-28679 · Unknown · Central Manager
Name of the Vulnerable Software and Affected Versions: Central Manager affected versions not specified Description: The issue concerns the Central Manager user session refresh token, which does not expire when a user logs out. This could potentially allow unauthorized access to user sessions. Not...
PT-2024-24139 · Unknown · Reportico Web
Name of the Vulnerable Software and Affected Versions: Reportico Web versions prior to 8.1.0 Description: The issue allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function. This vulnerability arises from the failure of the web application to...
IBM PowerSC Code Issue Vulnerability
IBM PowerSC is an International Business Machines (IBM) security and compliance solution for IBM Power Systems servers. A session fixation vulnerability exists in IBM PowerSC, which stems from a failure to disable a session after logging out, and can be exploited by an attacker to impersonate anoth...
IBM MQ Appliance Code Issue Vulnerability
The IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from International Business Machines (IBM). A security vulnerability exists in the IBM MQ Appliance that stems from not invalidating a session after logging out, which could allow an...
PYSEC-2021-341
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets...
Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology
Summary Multiple vulnerabilities in the IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational...
CVE-2018-1127
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user...
CVE-2014-6102
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other...
Security advisory, LedgerSMB 1.3.0-1.3.36
Security Advisory: LedgerSMB 1.3.36, Improper Logout on Some Browsers Severity: Low cvssv2 base score: 3.6, total 0.5 Remotely Exploitable: No Complexity of Attack: High Impact: Relatively low. Prerequisite for Attack: Physical Access to Previously Logged In Browser, so high complexity in most...