51 matches found
CVE-2026-44511 Katalyst Koi: Session cookies can be replayed after user logout
Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...
EUVD-2026-34086
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...
PT-2026-45947
Name of the Vulnerable Software and Affected Versions: Django versions prior to 6.0.6; Django versions prior to 5.2.15. Description: An issue exists in the get_signed_cookie function within django.http.HttpRequest. The function employs a non-injective salt derivation by concatenating the cookie name...
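The two Django entries above describe a non-injective salt derivation: when the cookie name and the salt are simply concatenated, different (name, salt) pairs can collapse to the same string and therefore the same signing key, so a cookie signed in one context verifies in another. The following is an added example, not Django's code; the HMAC-based signer, the key derivation and the secret are hypothetical and chosen only to make the collision visible. It contrasts plain concatenation with a length-prefixed derivation that recovers the pair uniquely.

```python
import hashlib
import hmac
from typing import Callable, Optional

# Constructed example key; a real deployment would use the application's secret.
SECRET_KEY = b"example-secret-key-for-demo"

Derive = Callable[[str, str], bytes]


def naive_salt(cookie_name: str, salt: str) -> bytes:
    """Plain concatenation, the pattern the advisories describe.

    Non-injective: ("session", "id") and ("sessioni", "d") both map to
    b"sessionid", so two different cookie contexts share one signing key.
    """
    return (cookie_name + salt).encode()


def injective_salt(cookie_name: str, salt: str) -> bytes:
    """Length-prefix each component so (name, salt) is recovered uniquely."""
    n, s = cookie_name.encode(), salt.encode()
    return len(n).to_bytes(4, "big") + n + len(s).to_bytes(4, "big") + s


def derive_key(salt_bytes: bytes) -> bytes:
    """Per-context signing key: HMAC(secret, salt). Hypothetical, for clarity."""
    return hmac.new(SECRET_KEY, salt_bytes, hashlib.sha256).digest()


def sign(value: str, cookie_name: str, salt: str, derive: Derive) -> str:
    """Return value + ':' + hex MAC, keyed for the (cookie_name, salt) context."""
    key = derive_key(derive(cookie_name, salt))
    mac = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}:{mac}"


def verify(signed: str, cookie_name: str, salt: str, derive: Derive) -> Optional[str]:
    """Return the value if the MAC is valid for this context, else None."""
    value, _, mac = signed.rpartition(":")
    key = derive_key(derive(cookie_name, salt))
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(mac, expected) else None


def cross_context_reuse(derive: Derive) -> bool:
    """True if a cookie signed for ("session", "id") is accepted as ("sessioni", "d")."""
    signed = sign("alice", "session", "id", derive)
    return verify(signed, "sessioni", "d", derive) == "alice"


if __name__ == "__main__":
    print("naive concatenation, reusable across contexts:", cross_context_reuse(naive_salt))
    print("length-prefixed derivation, reusable:", cross_context_reuse(injective_salt))
```

The attacker needs no key material: the application itself signs a value under one cookie name, and the same string is replayed under a different name/salt pair whose concatenation happens to match. Any unambiguous encoding (length prefixes, a separator that cannot appear in either component, or hashing each component separately) closes the gap.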
NextCloud Server Authorization Issues Vulnerability
NextCloud Server is an open-source NextCloud server program developed by NextCloud. Versions of NextCloud Server from 32.0.0 to 32.0.9 and from 33.0.0 to 33.0.3 contained vulnerabilities related to authorization. These vulnerabilities stemmed from the possibility that the session cookie, which...
Insufficient Session Expiration
Overview sillytavern is an LLM Frontend for Power Users. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to invalidate existing sessions after a password change. An attacker can maintain unauthorized access to an account by reusing a previously...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to jupyter_cookie_secret never being automatically rotated or cleared. An attacker can keep or reuse authenticated session cookies after a password change by presenting a cookie signed with a secret tha...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to revoke existing authenticated sessions after a password reset or password change process. An attacker can maintain unauthorized access to an account by reusing a previously obtained...
Devolutions Server Security Vulnerability
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2026.1.11 contained a security vulnerability. This vulnerability stemmed from...
CVE-2026-30224
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry (default ≈ 1 year)...
GHSA-GQ2M-77HF-VWGH OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session
Summary OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry (default ≈ 1 year). An attacker with a previously stolen or captured session cookie can continue authenticating...
CVE-2021-41263
rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using rails_multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker t...
EUVD-2018-8077
Malware in sbrugna...
EUVD-2021-12817
Malware in sbrugna...
CVE-2025-54592
Vulnerability overview: FreshRSS
FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
#!/usr/bin/env python3 """ Exploit Title: FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse Date: 2025-06-15 Exploit Author: Shahid Parvez Hakim BugB Technologies Vendor Homepage: https://www.fortinet.com Software Link: https://www.fortinet.com/products/secure-sd-wan/fortigate...
CVE-2024-50562
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session...
Fortinet FortiOS SSL-VPN Code Issue Vulnerability
Fortinet FortiOS SSL-VPN is VPN software from Fortinet, Inc. A code issue vulnerability exists in Fortinet FortiOS SSL-VPN version 7.6.0, 7.4.6 and below, 7.2.10 and below, all versions of 7.0, and all versions of 6.4, which stems from an insufficient session expiration, and could allow an...
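The Katalyst Koi, sillytavern, JupyterHub, OliveTin and FortiOS SSL-VPN entries above are all the same failure mode (CWE-613): the server-side session record outlives the event that should have killed it, either logout or a password change, so a cookie captured earlier keeps authenticating. The following is an added example, not code from any of those projects; the in-memory session store, its method names and the attacker scenario are hypothetical. It places the flawed logout (only the browser cookie is dropped) beside the corrected one, and shows a password change revoking every other session of the user.

```python
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional

ONE_YEAR = 365 * 24 * 3600  # long default lifetime, as in the OliveTin advisory


@dataclass
class Session:
    user: str
    expires_at: float


@dataclass
class SessionStore:
    """Server-side session table keyed by the opaque id carried in the cookie."""
    sessions: Dict[str, Session] = field(default_factory=dict)

    def login(self, user: str, ttl: int = ONE_YEAR) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits of entropy, unguessable
        self.sessions[sid] = Session(user, time.time() + ttl)
        return sid

    def authenticate(self, sid: str) -> Optional[str]:
        """Return the user for a live session id, or None."""
        s = self.sessions.get(sid)
        if s is None:
            return None
        if s.expires_at < time.time():
            del self.sessions[sid]
            return None
        return s.user

    def logout_vulnerable(self, sid: str) -> None:
        """The flawed pattern: the handler only instructs the browser to drop the
        cookie (not modelled here) and leaves the server-side record untouched."""
        return None

    def logout(self, sid: str) -> None:
        """Fixed: revoke the server-side record so the id is dead everywhere."""
        self.sessions.pop(sid, None)

    def change_password(self, user: str, keep_sid: Optional[str] = None) -> int:
        """Fixed: revoke every session of `user`, optionally keeping the one that
        performed the change. Returns the number of sessions revoked."""
        doomed = [sid for sid, s in self.sessions.items()
                  if s.user == user and sid != keep_sid]
        for sid in doomed:
            del self.sessions[sid]
        return len(doomed)


def replay_after_logout(fixed: bool) -> bool:
    """Admin logs in, attacker captures the cookie, admin logs out, attacker
    replays. True means the replay still authenticates."""
    store = SessionStore()
    sid = store.login("admin")
    stolen = sid  # constructed: the attacker obtained the cookie value earlier
    (store.logout if fixed else store.logout_vulnerable)(sid)
    return store.authenticate(stolen) == "admin"


def replay_after_password_change(revoke_others: bool) -> bool:
    """Attacker holds an older session; victim changes the password from a
    second session. True means the older session still authenticates."""
    store = SessionStore()
    stolen = store.login("alice")   # older session the attacker captured
    current = store.login("alice")  # session from which the password is changed
    if revoke_others:
        store.change_password("alice", keep_sid=current)
    # with revoke_others=False the password changes but sessions are left alone
    return store.authenticate(stolen) == "alice"


if __name__ == "__main__":
    print("replay after logout, vulnerable:", replay_after_logout(fixed=False))
    print("replay after logout, fixed:", replay_after_logout(fixed=True))
    print("replay after password change, no revocation:", replay_after_password_change(False))
    print("replay after password change, with revocation:", replay_after_password_change(True))
```

The check a reviewer wants on any logout or password-change handler is the same: after the handler returns, present the old cookie to an authenticated endpoint and expect a 401, not a 200. Stateless signed cookies (the Jupyter and Koi cases) need a server-side revocation list, a per-user session version folded into the signed payload, or rotation of the signing secret to get the same effect.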
SUSE CVE-2022-48989
In the Linux kernel, the following vulnerability has been resolved: fscache: Fix oops due to race with cookie_lru and use_cookie. If a cookie expires from the LRU and the LRU_DISCARD flag is set, but the state machine has not run yet, it's possible another thread can call fscache_use_cookie and begin t...
fastify session Security Vulnerability
fastify session is an open source plugin for fastify. A security vulnerability exists in fastify session version 10.8.0 and earlier that stems from the reuse of a corrupted session cookie...