564 matches found
CVE-2026-24667
CVE-2026-24667 concerns the Open eClass platform (formerly GUnet eClass). Before version 4.2, the system failed to invalidate active user sessions after a password change, allowing existing session tokens to remain usable and potentially granting unauthorized continued access to user accounts. Th...
CVE-2026-24667
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user...
EUVD-2026-5228
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user...
CVE-2026-24667 Open eClass's Active Sessions Not Invalidated After Password Change Allow Persistent Account Access
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user...
PT-2026-6047
Name of the Vulnerable Software and Affected Versions Foxit PDF Editor Cloud versions prior to 2026-02-03 Description Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting issue in the file upload feature. A malicious username is embedded into the upload file list without proper...
PT-2026-6199
Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A flaw exists where active user sessions are not invalidated after a password change. This allows existing...
Open eClass Code Issue Vulnerability
Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained code vulnerabilities. These vulnerabilities stemmed from the failure to invalidate active user sessions after password changes, allowing unauthorized access...
CVE-2025-36065
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36065 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36063 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system...
PT-2026-3588
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system...
PT-2026-3587
Name of the Vulnerable Software and Affected Versions IBM Sterling Connect:Express Adapter for Sterling B2B Integrator versions 5.2.0.00 through 5.2.0.12 Description The software does not invalidate session data after a user logs out. This could potentially allow an authenticated user to...
SUSE CVE-2017-18905
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider. Session invalidation was mishandled...
Improper Session Invalidation
org.keycloak, keycloak-services is vulnerable to Improper session invalidation. The vulnerability is due to offline sessions remaining valid even after the offline_access scope is removed from the client, which allows an attacker with an existing offline refresh token to continue requesting new...
CVE-2025-66289
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...
CVE-2025-66289 OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...
CVE-2025-66289
Summary: CVE-2025-66289 affects OrangeHRM versions 5.0–5.7, where sessions are not invalidated when a user is disabled or a password changes, allowing active session cookies to remain valid indefinitely. This enables continued access to protected pages by disabled users or attackers using comprom...
CVE-2025-66289 OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...
Apache Roller < 6.1.5 Insufficient Session Expiration on Password Change (CVE-2025-24859)
According to its self-reported version number, the instance of Apache Roller running on the remote host is prior to 6.1.5. It is, therefore, affected by a session management vulnerability where active user sessions are not properly invalidated after password changes. When a user's password is...