CVE-2026-46401 HAX CMS PHP has Insufficient Session Expiration

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...

CVE-2025-27955

Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code...

Nagios Network Analyzer 代码问题漏洞

Nagios Network Analyzer is an enterprise solution for monitoring and analyzing network traffic from Nagios, Inc. A security vulnerability exists in Nagios Network Analyzer version 2024R1.0.3, which stems from a session management flaw that could cause session tokens to be reused even after logout...

PT-2024-25050 · Sap · Sap Businessobjects Business Intelligence Platform

Name of the Vulnerable Software and Affected Versions: SAP Business Objects Business Intelligence Platform affected versions not specified Description: The issue concerns insecure storage where dynamic web pages are cached even after a user logs out. This allows an attacker to potentially view...

Elenos ETG150 Security Vulnerability

The Elenos ETG150 is an FM transmitter from Elenos. A security vulnerability exists in the Elenos ETG150 FM Transmitter version v3.12, which stems from an insufficient session expiration time and allows an attacker to arbitrarily change configuration and data after logging out...

CVE-2022-35728

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging...