Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/05/12 10:23 p.m.14 views

SillyTavern: Existing sessions are not invalidated after password change, allowing session reuse and account takeover

Summary Changing a user’s password does not invalidate existing sessions, allowing an attacker with a stolen cookie to retain access even after the victim resets their password. Details SillyTavern relies on cookie-session for authentication, storing all session data user handle, permissions in a...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/31 9:31 p.m.5 views

EUVD-2025-37392

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password...

6.4AI score0.00242EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 10:15 p.m.18 views

CVE-2024-13996

Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-existing sessions including those potentially controlled by an attacker remained valid after a credential update. This insufficient session...

9.8CVSS0.00964EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2022-2031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt...

8.8CVSS7.2AI score0.00965EPSS
Exploits0References2
NVD
NVD
added 2021/11/02 6:15 p.m.29 views

CVE-2020-23686

Cross site request forgery CSRF vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts...

8.8CVSS0.00568EPSS
Exploits1References1
OSV
OSV
added 2017/05/08 5:29 p.m.5 views

CVE-2017-8848

Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password...

6.5CVSS5.8AI score0.00487EPSS
Exploits0References1
Rows per page
Query Builder