10 matches found
GHSA-QPPM-G56G-FPVP Turbo Frame responses can restore stale session cookies
Summary: A race condition in Turbo Frames allows delayed HTTP responses to restore stale session cookies after session-modifying operations. Details: Browsers automatically process Set-Cookie headers from HTTP responses. When a Turbo Frame request is in-flight during a session-modifying action such...
CVE-2025-69581
An issue was discovered in Chamilo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...
EUVD-2025-14680
Malicious code in bioql PyPI...
CVE-2024-56733 Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...
CVE-2024-56311
REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This...
PT-2024-31682 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap version 14.7.0. Description: The issue allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via "index.php?logout=1", and can also be used to insert a link to an external phishing...
CVE-2023-29463
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users' session data and/or log users out of their session...
Rockwell Automation Pavilion8 Authorization Issue Vulnerability
Rockwell Automation Pavilion8 is a model prediction console from Rockwell Automation. Rockwell Automation Pavilion8 suffers from an authorization issue vulnerability that stems from the fact that the JMX Console is publicly available to users and does not require authentication. An attacker could...
GHSA-M6CP-VXJX-65J6 SessionListener can prevent a session from being invalidated breaking logout
Impact: If an exception is thrown from the SessionListener.sessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application us...
Immuta Session Mismanagement Vulnerability
Immuta is a data organizing platform for data analysis from Immuta. A session mismanagement vulnerability exists in Immuta version v2.8.2: logging out does not invalidate the user's session. No details of the vulnerability are provided at this time...