
24 matches found

NVD
added yesterday | 5 views

CVE-2026-46657

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

CVSS 7.1
Exploits: 0 | References: 2

NVD
added 2026/05/08 9:16 p.m. | 10 views

CVE-2026-44400

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

CVSS 9.8 | EPSS 0.0003
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/08 8:22 p.m. | 6 views

CVE-2026-44400 MailEnable Enterprise Premium < 10.55 Authorization Bypass via WebAdmin

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

CVSS 8.7 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/08 12:00 a.m. | 8 views

PT-2026-39194

Name of the Vulnerable Software and Affected Versions: MailEnable Enterprise Premium versions prior to 10.56. Description: Improper authorization in the WebAdmin mobile portal allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. ...

CVSS 9.8 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2010-1167

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00477
Exploits: 0 | References: 8

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2024-51493

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00234
Exploits: 0 | References: 1

BDU FSTEC
added 2025/02/06 12:00 a.m. | 1 view

The vulnerability of the Persistent Login module in the Drupal CMS system allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Persistent Login module in the Drupal CMS system is related to an incorrect session duration. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 10 | AI score 5.5 | EPSS 0.00234
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2025/01/09 8:15 p.m. | 5 views

CVE-2024-13280

Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing. This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0. before 2.2.2...

CVSS 9.8 | EPSS 0.00234
Exploits: 0 | References: 1

OSV
added 2025/01/09 8:15 p.m. | 1 view

CVE-2024-13280

Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing. This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0. before 2.2.2...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/09 7:34 p.m. | 5 views

CVE-2024-13280 Persistent Login - Moderately critical - Access bypass - SA-CONTRIB-2024-044

Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing. This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0. before 2.2.2...

AI score 7.2 | EPSS 0.00234
Exploits: 0 | References: 1

CVE
added 2025/01/09 7:34 p.m. | 43 views

CVE-2024-13280

The CVE concerns the Drupal Persistent Login module and an insufficient session expiration vulnerability that allows forceful browsing (access bypass). Affected versions are 0.0.0–before 1.8.0 and 2.0.* before 2.2.2. The root cause, as described in linked advisories, is improper session/cookie ha...

CVSS 9.8 | AI score 7 | EPSS 0.00234
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/01/09 7:34 p.m. | 9 views

CVE-2024-13280 Persistent Login - Moderately critical - Access bypass - SA-CONTRIB-2024-044

Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing. This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0. before 2.2.2...

EPSS 0.00234
Exploits: 0 | References: 1

CNNVD
added 2025/01/09 12:00 a.m. | 0 views

Drupal Security Vulnerability

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Persistent Login prior to version 1.8.0, versions 2.0. through 2.2.2, which stems from the inclusion of a session expiration insufficiency issue...

CVSS 9.8 | AI score 6.7 | EPSS 0.00234
Exploits: 0 | References: 2

Positive Technologies
added 2024/10/02 12:00 a.m. | 2 views

PT-2025-2095 · Drupal · Drupal Persistent Login

Name of the Vulnerable Software and Affected Versions: Drupal Persistent Login versions 0.0.0 through 1.8.0 Drupal Persistent Login versions 2.0. through 2.2.2 Description: The issue is related to insufficient session expiration in the Drupal Persistent Login module, allowing for forceful browsin...

CVSS 9.8 | AI score 7.2 | EPSS 0.00234
Exploits: 0 | References: 4

Drupal
added 2024/10/02 12:00 a.m. | 8 views

Persistent Login - Moderately critical - Access bypass - SA-CONTRIB-2024-044

This module enables users to remain logged in separately from session timeouts. The module doesn't sufficiently check a user's disabled status when validating cookies. This vulnerability is mitigated by the fact that an attacker must have an unexpired cookie from a previous successful login...

CVSS 9.8 | AI score 6.9 | EPSS 0.00234
Exploits: 0 | References: 7

Patchstack
added 2024/10/02 12:00 a.m. | 2 views

Drupal Persistent Login module < 1.8.0,2.2.0-2.2.1,2.0,2.1 - Authenticated Broken Access Control vulnerability

Authenticated Broken Access Control vulnerability discovered by Geoff Appleby in WordPress Module Persistent Login versions 1.8.0,2.2.0-2.2.1,2.0,2.1...

AI score 7
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/07/18 12:00 a.m. | 5 views

WordPress WordPress Persistent Login Plugin < 2.0.15 is vulnerable to Cross Site Scripting (XSS)

Software: WordPress Persistent Login; Type: Plugin; Vulnerable versions: < 2.0.15; Fixed in: 2.0.15; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 12dbff6dbbea; Credits: Rafie Muhammad...

AI score 6.2
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2022/02/28 12:00 a.m. | 14 views

WordPress WordPress Persistent Login plugin <= 1.3.23 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WordPress Persistent Login plugin versions <= 1.3.23. Solution: Update the WordPress Persistent Login plugin to the latest available version (at least 2.0.0)...

AI score 3.9
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2022/02/28 12:00 a.m. | 12 views

WordPress WordPress Persistent Login plugin <= 1.3.23 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Persistent Login plugin versions <= 1.3.23. Solution: Update the WordPress Persistent Login plugin to the latest available version (at least 2.0.0)...

AI score 2.2
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2020/09/25 12:00 a.m. | 2 views

Cisco IOS XE Consent Token Bypass Vulnerability (CNVD-2020-57581)

Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. A consent token bypass vulnerability exists in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE. The vulnerability stems from insufficient enforcement of consent tokens ...

CVSS 7.8 | AI score 7.4 | EPSS 0.00023
Exploits: 0 | References: 1