Lucene search
K

564 matches found

Vulnrichment
Vulnrichment
added 2026/03/26 1:4 p.m.1 views

CVE-2025-55264 HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change

HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.3 views

PT-2026-28289

Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description A flaw exists where the system fails to invalidate a session after a password change. This allows an attacker who has access to an existing session to maintain control of an accou...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 8:11 p.m.2 views

CVE-2025-14810

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expirati...

6.3CVSS5.8AI score0.00242EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.4 views

PT-2026-28110

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expirati...

6.3CVSS5.8AI score0.00242EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/26 10:56 p.m.24 views

CVE-2026-28275 Initiative Vulnerable to Improper Session Invalidation (JWT Remains Valid)

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 do not invalidate previously issued JWT access tokens after a user changes their password. As a result, older tokens remain valid until expiration and can still be used to access protected API...

8.1CVSS0.00369EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/26 10:56 p.m.4 views

CVE-2026-28275 Initiative Vulnerable to Improper Session Invalidation (JWT Remains Valid)

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 do not invalidate previously issued JWT access tokens after a user changes their password. As a result, older tokens remain valid until expiration and can still be used to access protected API...

8.1CVSS5.8AI score0.00369EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/25 10:2 p.m.4 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the authentication and session management process. An attacker can gain unauthorized access to user accounts and maintain persistent access even after a password change by exploiting weak password...

9.3CVSS6AI score0.00428EPSS
Exploits1References3
Snyk
Snyk
added 2026/02/25 10:2 p.m.3 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the authentication and session management process. An attacker can gain unauthorized access to user accounts and maintain persistent access even after a password change by exploiting weak password...

9.3CVSS6AI score0.00428EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/02/25 10:2 p.m.8 views

Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Summary The application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account via brute-force or credential stuffing can mainta...

9.1CVSS5.4AI score0.00428EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/19 1:28 p.m.5 views

CVE-2026-1435

Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...

9.8CVSS5.5AI score0.00367EPSS
Exploits0References1
NVD
NVD
added 2026/02/18 2:16 p.m.7 views

CVE-2026-1435

Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...

9.8CVSS0.00367EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/18 1:8 p.m.5 views

CVE-2026-1435 Incorrect management of session invalidation vulnerability in Graylog Web Interface

Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...

9.3CVSS5.5AI score0.00367EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/18 1:8 p.m.25 views

CVE-2026-1435 Incorrect management of session invalidation vulnerability in Graylog Web Interface

Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...

9.3CVSS0.00367EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.8 views

PT-2026-20391

Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...

9.3CVSS5.5AI score0.00367EPSS
Exploits0References2
NVD
NVD
added 2026/02/17 9:22 p.m.5 views

CVE-2025-36377

IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system...

8.8CVSS0.00185EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/17 8:37 p.m.3 views

CVE-2025-36376

IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system...

6.3CVSS5.5AI score0.00185EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/02/05 12:31 a.m.4 views

EUVD-2024-55397

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

6.3CVSS5.4AI score0.00225EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/04 9:18 p.m.3 views

CVE-2024-43181 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

6.3CVSS5.4AI score0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/04 9:18 p.m.24 views

CVE-2024-43181 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

6.3CVSS0.00225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/04 7:27 p.m.5 views

CVE-2026-24667

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user...

5CVSS5.3AI score0.00129EPSS
Exploits0References1
Rows per page
Query Builder