315 matches found
org.keycloak.protocol.oidc.endpoints.LogoutEndpoint: Offline Session takeover due to reused Authentication Session ID
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...
EUVD-2025-37224
Nagios Fusion versions prior to R2.1 contain a vulnerability due to the application not requiring re-authentication or session rotation when a user has enabled two-factor authentication 2FA. As a result, an adversary who has obtained a valid session could continue using the active session after t...
CVE-2025-34269
...
CVE-2025-12390
CVE-2025-12390 affects Keycloak; it describes an offline session takeover where a user could receive another user’s tokens due to reusing session identifiers and incomplete logout cleanup when cookies are missing. Connected sources confirm this vulnerability in Keycloak and reference Red Hat advi...
CVE-2025-12390
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...
Red Hat build of Keycloak 授权问题漏洞
Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. An authorization issue vulnerability exists in the Red Hat build of Keycloak that stems from session identifier reuse and improper cleanup upon logout, which could lead to a user accidentally obtaining another...
CVE-2025-62717 Emlog Pro session verification code error due to clearing logic error
Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...
CVE-2025-25252
An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker e.g. a former admin whose account was removed and whose session was terminated in possessi...
EUVD-2025-34237
An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker e.g. a former admin whose account was removed and whose session was terminated in possessi...
CVE-2025-25252
An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker e.g. a former admin whose account was removed and whose session was terminated in possessi...
CVE-2025-25252
An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker e.g. a former admin whose account was removed and whose session was terminated in possessi...
EUVD-2025-34113
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, when an administrator resets a user account's password via the command-line interface using bin/tootctl accounts modify --reset-password, active sessions and access tokens for...
EUVD-2013-3670
Malware in sbrugna...
EUVD-2017-5522
Malware in sbrugna...
EUVD-2016-4853
Malware in sbrugna...
EUVD-2016-6959
Malware in sbrugna...
EUVD-2020-27513
Malware in sbrugna...
EUVD-2014-7993
Malware in sbrugna...
EUVD-2008-1400
Malware in sbrugna...
EUVD-1999-0428
Malware in sbrugna...