564 matches found

Source: CVE (added 2026/02/03 4:59 p.m.)

CVE-2026-24667

CVE-2026-24667 concerns the Open eClass platform (formerly GUnet eClass). Before version 4.2, the system failed to invalidate active user sessions after a password change, allowing existing session tokens to remain usable and potentially granting unauthorized continued access to user accounts. Th...

CVSS 5 | AI score 5.3 | EPSS 0.00129
Exploits 0 | References 1 | Affected software 1

Source: AttackerKB (added 2026/02/03 4:59 p.m.)

CVE-2026-24667

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user...

CVSS 5 | AI score 5.3 | EPSS 0.00129
Exploits 0 | References 2 | Affected software 1

Source: EUVD (added 2026/02/03 4:59 p.m.)

EUVD-2026-5228

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user...

CVSS 5 | AI score 5.3 | EPSS 0.00129
Exploits 0 | References 1

Source: OSV (added 2026/02/03 4:59 p.m.)

CVE-2026-24667 Open eClass's Active Sessions Not Invalidated After Password Change Allow Persistent Account Access

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user...

CVSS 5 | AI score 5.3 | EPSS 0.00129
Exploits 0 | References 3

Source: Positive Technologies (added 2026/02/03 12:00 a.m.)

PT-2026-6047

Name of the Vulnerable Software and Affected Versions: Foxit PDF Editor Cloud versions prior to 2026-02-03. Description: Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting issue in the file upload feature. A malicious username is embedded into the upload file list without proper...

CVSS 6.3 | AI score 5.4 | EPSS 0.00195
Exploits 0 | References 9

Source: Positive Technologies (added 2026/02/03 12:00 a.m.)

PT-2026-6199

Name of the Vulnerable Software and Affected Versions: Open eClass versions prior to 4.2. Description: The Open eClass platform, previously known as GUnet eClass, is a course management system. A flaw exists where active user sessions are not invalidated after a password change. This allows existing...

CVSS 5 | AI score 5.4 | EPSS 0.00129
Exploits 0 | References 6

Source: CNNVD (added 2026/02/03 12:00 a.m.)

Open eClass code issue vulnerability

Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained code vulnerabilities. These vulnerabilities stemmed from the failure to invalidate active user sessions after password changes, allowing unauthorized access...

CVSS 5 | AI score 5.9 | EPSS 0.00129
Exploits 0 | References 2

Source: OSV (added 2026/01/20 4:16 p.m.)

CVE-2025-36065

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate the session after a browser closure, which could allow an authenticated user to impersonate another user on the system...

CVSS 6.5 | AI score 5.8 | EPSS 0.00158
Exploits 0 | References 1

Source: Vulnrichment (added 2026/01/20 3:12 p.m.)

CVE-2025-36065 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate the session after a browser closure, which could allow an authenticated user to impersonate another user on the system...

CVSS 6.3 | AI score 5.5 | EPSS 0.00158
Exploits 0 | References 1

Source: Cvelist (added 2026/01/20 3:12 p.m.)

CVE-2025-36065 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate the session after a browser closure, which could allow an authenticated user to impersonate another user on the system...

CVSS 6.3 | EPSS 0.00158
Exploits 0 | References 1

Source: Cvelist (added 2026/01/20 3:10 p.m.)

CVE-2025-36063 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate the session after a logout, which could allow an authenticated user to impersonate another user on the system...

CVSS 6.3 | EPSS 0.00145
Exploits 0 | References 1

Source: Positive Technologies (added 2026/01/20 12:00 a.m.)

PT-2026-3588

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate the session after a browser closure, which could allow an authenticated user to impersonate another user on the system...

CVSS 6.3 | AI score 5.5 | EPSS 0.00158
Exploits 0 | References 1

Source: Positive Technologies (added 2026/01/20 12:00 a.m.)

PT-2026-3587

Name of the Vulnerable Software and Affected Versions: IBM Sterling Connect:Express Adapter for Sterling B2B Integrator versions 5.2.0.00 through 5.2.0.12. Description: The software does not invalidate session data after a user logs out. This could potentially allow an authenticated user to...

CVSS 6.5 | AI score 5.4 | EPSS 0.00145
Exploits 0 | References 4

Source: SUSE CVE (added 2026/01/17 12:51 a.m.)

SUSE CVE-2017-18905

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider: session invalidation was mishandled...

CVSS 5.3 | AI score 7 | EPSS 0.00769
Exploits 0 | References 2

Source: Veracode (added 2025/12/13 4:36 a.m.)

Improper Session Invalidation

org.keycloak, keycloak-services is vulnerable to improper session invalidation. The vulnerability is due to offline sessions remaining valid even after the offline_access scope is removed from the client, which allows an attacker with an existing offline refresh token to continue requesting new...

CVSS 5.4 | AI score 6.6 | EPSS 0.00272
Exploits 0 | References 10 | Affected software 1

Source: NVD (added 2025/11/29 4:15 a.m.)

CVE-2025-66289

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...

CVSS 8.8 | EPSS 0.00241
Exploits 0 | References 1

Source: OSV (added 2025/11/29 3:06 a.m.)

CVE-2025-66289 OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...

CVSS 8.7 | AI score 7 | EPSS 0.00241
Exploits 0 | References 3

Source: CVE (added 2025/11/29 3:06 a.m.)

CVE-2025-66289

Summary: CVE-2025-66289 affects OrangeHRM versions 5.0–5.7, where sessions are not invalidated when a user is disabled or a password changes, allowing active session cookies to remain valid indefinitely. This enables continued access to protected pages by disabled users or attackers using comprom...

CVSS 8.8 | AI score 6.8 | EPSS 0.00241
Exploits 0 | References 1 | Affected software 1

Source: Cvelist (added 2025/11/29 3:06 a.m.)

CVE-2025-66289 OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...

CVSS 8.7 | EPSS 0.00241
Exploits 0 | References 1

Source: Tenable Nessus (added 2025/11/25 12:00 a.m.)

Apache Roller < 6.1.5 Insufficient Session Expiration on Password Change (CVE-2025-24859)

According to its self-reported version number, the instance of Apache Roller running on the remote host is prior to 6.1.5. It is, therefore, affected by a session management vulnerability where active user sessions are not properly invalidated after password changes. When a user's password is...

CVSS 8.8 | AI score 7.3 | EPSS 0.0106
Exploits 0 | References 2