11 matches found
CVE-2025-12624
WSO2 Identity Server is affected by CVE-2025-12624, where active access tokens are not revoked when a user account is locked. The underlying issue is a failure to enforce revocation of previously issued, valid tokens, allowing locked accounts to maintain access to protected resources via unexpire...
Template Injection
Overview Affected versions of this package are vulnerable to Template Injection due to the TemplateEngine's improper invalidation of certain syntactic patterns during expression evaluation. An attacker can inject into sensitive objects to execute unauthorized actions. Remediation Upgrade...
EUVD-2018-4185
Malware in sbrugna...
Bank Locker Management System Session Hijacking Vulnerability
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /banker/change-password.php. No detailed vulnerability details are available at this time...
PHPGurukul Student Result Management System Security Vulnerability
Student Result Management System is a student result management system. Student Result Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /srms/change-password.php. No details of the vulnerability are available at this...
PHPGurukul e-Diary Management System Security Vulnerability
The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /edms/change-password.php. No details of the vulnerability are available at this time...
PHPGurukul Blood Bank & Donor Management System Security Vulnerability
PHPGurukul Blood Bank & Donor Management System is a blood bank and donor management system from PHPGurukul. A security vulnerability exists in PHPGurukul Blood Bank & Donor Management System version v2.4, which stems from an improperly invalidated session in the component...
CVE-2025-0249
CVE-2025-0249 affects HCL IEM with an improper invalidation of access or JWT tokens. The root cause is a token not being invalidated, potentially allowing unauthorized access to sensitive data. Public details in the provided documents indicate information disclosure risk (confidentiality impact) ...
Insufficient Session Expiration
github.com/greenpau/caddy-security is vulnerable to Insufficient Session Expiration. The vulnerability is due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain...
CVE-2018-12207
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access...
PT-2019-16932 · IBM · IBM Security Access Manager
Name of the Vulnerable Software and Affected Versions: IBM Security Access Manager versions 9.0.1 through 9.0.6 Description: The issue is related to the improper invalidation of session tokens, which may allow attackers with local access to log into a closed browser session due to the lack of...