EUVD-2025-209371

When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario...

EUVD-2022-37576

Malicious code in bioql PyPI...

CVE-2025-51306

In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without expiration, due to incorrect session management...

CVE-2023-35857

In Siren Investigate before 13.2.2, session keys remain active even after logging out...

CVE-2025-48061 wire-webapp Has Insufficient Session Invalidation after User Logout

wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does no...

CVE-2025-24973 Concorde not removing authentication tokens after logging out

Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker ...