4 matches found
CVE-2022-25590
SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to log in to the system and access data using the browser cache when the user exits the application...
CVE-2009-5085
IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attackers to bypass intended trust restrictions vi...
CVE-2025-24896
CVE-2025-24896 concerns Misskey, an open-source federated social platform. A login token named token is stored in a cookie for Bull Dashboard authentication and is not deleted after logout in versions up to 12.109.0 and before 2025.2.0-alpha.0, potentially exposing the token to others on public o...
CVE-2021-45330
An issue exists in Gitea through 1.15.7, which could let a malicious user gain privileges due to client-side cookies not being deleted and the session remaining valid on the server side for reuse...