Lucene search
K

315 matches found

RedHat Linux
RedHat Linux
added 2025/11/13 5:51 p.m.2 views

org.keycloak.protocol.oidc.endpoints.LogoutEndpoint: Offline Session takeover due to reused Authentication Session ID

A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...

6CVSS5.7AI score0.00128EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/31 12:30 a.m.6 views

EUVD-2025-37224

Nagios Fusion versions prior to R2.1 contain a vulnerability due to the application not requiring re-authentication or session rotation when a user has enabled two-factor authentication 2FA. As a result, an adversary who has obtained a valid session could continue using the active session after t...

8.6CVSS6.5AI score0.00292EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/30 9:19 p.m.8 views

CVE-2025-34269

...

0.00292EPSS
Exploits0
CVE
CVE
added 2025/10/28 1:23 p.m.15 views

CVE-2025-12390

CVE-2025-12390 affects Keycloak; it describes an offline session takeover where a user could receive another user’s tokens due to reusing session identifiers and incomplete logout cleanup when cookies are missing. Connected sources confirm this vulnerability in Keycloak and reference Red Hat advi...

6CVSS6.1AI score0.00128EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/10/28 1:23 p.m.5 views

CVE-2025-12390

A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...

6CVSS6AI score0.00128EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.5 views

Red Hat build of Keycloak 授权问题漏洞

Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. An authorization issue vulnerability exists in the Red Hat build of Keycloak that stems from session identifier reuse and improper cleanup upon logout, which could lead to a user accidentally obtaining another...

6CVSS6.5AI score0.00128EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/24 8:13 p.m.8 views

CVE-2025-62717 Emlog Pro session verification code error due to clearing logic error

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...

6.9CVSS6.7AI score0.00363EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/15 3:47 p.m.8 views

CVE-2025-25252

An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker e.g. a former admin whose account was removed and whose session was terminated in possessi...

6.5CVSS6.9AI score0.00272EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/14 6:30 p.m.8 views

EUVD-2025-34237

An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker e.g. a former admin whose account was removed and whose session was terminated in possessi...

4.8CVSS6.4AI score0.00272EPSS
Exploits1References2
NVD
NVD
added 2025/10/14 4:15 p.m.9 views

CVE-2025-25252

An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker e.g. a former admin whose account was removed and whose session was terminated in possessi...

6.5CVSS0.00272EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/14 3:23 p.m.5 views

CVE-2025-25252

An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker e.g. a former admin whose account was removed and whose session was terminated in possessi...

4.8CVSS6.5AI score0.00272EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/13 8:54 p.m.11 views

EUVD-2025-34113

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, when an administrator resets a user account's password via the command-line interface using bin/tootctl accounts modify --reset-password, active sessions and access tokens for...

3.5CVSS6.4AI score0.00193EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2013-3670

Malware in sbrugna...

5CVSS6.4AI score0.01445EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-5522

Malware in sbrugna...

6.8CVSS6.1AI score0.00907EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-4853

Malware in sbrugna...

10CVSS9.3AI score0.02136EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2016-6959

Malware in sbrugna...

5.9CVSS6.1AI score0.0048EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-27513

Malware in sbrugna...

4.9CVSS6.2AI score0.00523EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-7993

Malware in sbrugna...

5.8CVSS6.9AI score0.01148EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-1400

Malware in sbrugna...

7.5CVSS6.4AI score0.01283EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-1999-0428

Malware in sbrugna...

7.5CVSS6.4AI score0.03234EPSS
Exploits0References2
Rows per page
Query Builder