CVE-2026-44511

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

EUVD-2025-199992

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged endpoints such as /admin even after the legitimate user has logged out, enabling session hijacking...

CVE-2025-11699 CVE-2025-11699

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged endpoints such as /admin even after the legitimate user has logged out, enabling session hijacking...

PT-2025-48449

Name of the Vulnerable Software and Affected Versions nopCommerce versions prior to 4.80.3 Description The software does not invalidate session cookies after logout or session termination. This allows an attacker with a valid session cookie to access privileged endpoints, such as '/admin', even...

nopCommerce 安全漏洞

nopCommerce is a suite of open source, general purpose e-commerce platforms from nopCommerce, Inc. A security vulnerability exists in nopCommerce versions prior to 4.70 and 4.80.3, which stems from a failure to invalidate a session cookie after logout or session termination, which could lead to...