Lucene search
K

564 matches found

Snyk
Snyk
added 2025/11/14 8:50 p.m.2 views

Insufficient Session Expiration

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to invalidate active session tokens after a password change. An attacker can maintain unauthorized access by continuing to use a previously established...

8.1CVSS6.9AI score
Exploits0References2
EUVD
EUVD
added 2025/11/14 8:50 p.m.3 views

EUVD-2025-197620

Flowise Fails to Invalidate Existing Sessions After Password Changes...

6.4AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/11/14 8:50 p.m.5 views

Flowise Fails to Invalidate Existing Sessions After Password Changes

Summary Failure to Invalidate Existing Sessions After Password Change Persistent Session / Session Invalidity Failure. Details After a user changes their password, the application does not invalidate other active sessions or session tokens that were established before the change. An attacker who...

6.4AI score
Exploits0References3Affected Software1
OSV
OSV
added 2025/11/14 8:50 p.m.1 views

GHSA-X7RP-QJ2H-GHGW Flowise Fails to Invalidate Existing Sessions After Password Changes

Summary Failure to Invalidate Existing Sessions After Password Change Persistent Session / Session Invalidity Failure. Details After a user changes their password, the application does not invalidate other active sessions or session tokens that were established before the change. An attacker who...

8.1CVSS6.3AI score
Exploits0References3
OSV
OSV
added 2025/11/08 12:15 a.m.5 views

CVE-2025-64489 SuiteCRM: Privilege Escalation via Improper Session Invalidation and Inactive User Bypass

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 contain a privilege escalation vulnerability where user sessions are not invalidated upon account deactivation. An inactive user with an...

8.3CVSS7AI score0.00302EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/08 12:15 a.m.6 views

CVE-2025-64489 SuiteCRM: Privilege Escalation via Improper Session Invalidation and Inactive User Bypass

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 contain a privilege escalation vulnerability where user sessions are not invalidated upon account deactivation. An inactive user with an...

8.3CVSS6.5AI score0.00302EPSS
Exploits0References3
CVE
CVE
added 2025/11/08 12:15 a.m.18 views

CVE-2025-64489

CVE-2025-64489 (SuiteCRM) : Privilege escalation due to improper session invalidation after account deactivation. A user with a deactivated account but an active session can access the app and self-reactivate, enabling unauthorized persistence. Affected versions: 7.14.7 and earlier, and 8.0.0-bet...

8.8CVSS6.5AI score0.00302EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.7 views

CVE-2024-13996

Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-existing sessions including those potentially controlled by an attacker remained valid after a credential update. This insufficient session...

9.8CVSS6.8AI score0.00964EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 9:31 p.m.5 views

EUVD-2025-37392

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password...

6.4AI score0.00242EPSS
Exploits0References2
OSV
OSV
added 2025/10/31 9:15 p.m.11 views

CVE-2025-63563

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References1
NVD
NVD
added 2025/10/31 9:15 p.m.4 views

CVE-2025-63563

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password...

6.5CVSS0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 12:30 a.m.6 views

EUVD-2024-55047

Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-existing sessions including those potentially controlled by an attacker remained valid after a credential update. This insufficient session...

9.2CVSS6.3AI score0.00964EPSS
Exploits0References4
CVE
CVE
added 2025/10/31 12:0 a.m.12 views

CVE-2025-63563

The CVE-2025-63563 affects Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2. The root cause is improper invalidation of active sessions after a password change, enabling an attacker with a valid session token to retain access after the legitimate user changes their password....

6.5CVSS6.5AI score0.00242EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/31 12:0 a.m.4 views

CVE-2025-63563

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password...

6.5AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/31 12:0 a.m.7 views

CVE-2025-63563

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password...

0.00242EPSS
Exploits0References1
OSV
OSV
added 2025/10/30 10:15 p.m.3 views

CVE-2024-13996

Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-existing sessions including those potentially controlled by an attacker remained valid after a credential update. This insufficient session...

9.8CVSS5.8AI score0.00964EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 10:15 p.m.18 views

CVE-2024-13996

Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-existing sessions including those potentially controlled by an attacker remained valid after a credential update. This insufficient session...

9.8CVSS0.00964EPSS
Exploits0References3
CVE
CVE
added 2025/10/30 9:44 p.m.18 views

CVE-2024-13996

CVE-2024-13996 affects Nagios XI prior to 2024R1.1.3. The issue is that changing a user password does not invalidate all other active sessions, allowing pre-existing sessions (potentially attacker-controlled) to remain valid and permit continued unauthorized access to user data and actions. Multi...

9.8CVSS6.5AI score0.00964EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/30 9:44 p.m.7 views

CVE-2024-13996 Nagios XI < 2024R1.1.3 Session Not Invalidated After Password Change

Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-existing sessions including those potentially controlled by an attacker remained valid after a credential update. This insufficient session...

9.2CVSS6.5AI score0.00964EPSS
Exploits0References3
CVE
CVE
added 2025/10/27 12:0 a.m.20 views

CVE-2025-60425

CVE-2025-60425 affects Nagios Fusion v2024R1.2 and v2024R2. The root cause is failure to invalidate existing session tokens when two-factor authentication is enabled, enabling session hijacking attacks. The CVSSv3.1 base score is 8.6 (HIGH) with network attack vector, no user interaction, and no ...

8.6CVSS6.7AI score0.00935EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder