88 matches found
EUVD-2020-27331
Malware in sbrugna...
CVE-2025-59335 CubeCart Session Not Invalidated After Password Change
CubeCart is an ecommerce software solution. Prior to version 6.5.11, there is an absence of automatic session expiration following a user's password change. This oversight poses a security risk, as if a user forgets to log out from a location where they accessed their account, an unauthorized use...
CVE-2025-4643
The CVE-2025-4643 issue affects Payload (Node/JS-based CMS). It stems from insufficient session expiration: after logout, JSON Web Tokens (JWTs) are not invalidated, enabling an attacker with a stolen/intercepted token to reuse it until expiration (default 2 hours, configurable). Affected behavio...
Linux Distros Unpatched Vulnerability : CVE-2024-58237
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence,...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from improperly invalidated personal access tokens, which can be exploited by an attacker to maintain full system access...
SUSE CVE-2021-47639
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, as KVM must ensure it holds no references to the freed page after returning from the unmap...
PT-2024-27940 · Ibm · Ibm Aspera Shares
Name of the Vulnerable Software and Affected Versions: IBM Aspera Shares versions 1.0 through 1.10.0 PL3 Description: The issue allows an authenticated user to impersonate another user on the system because sessions are not invalidated after a password reset. Recommendations: For IBM Aspera Share...
IBM Cloud Pak for Security和IBM QRadar Suite 代码问题漏洞
IBM Cloud Pak for Security and IBM QRadar Suite are both products of International Business Machines IBM, U.S.A. IBM Cloud Pak for Security is a software application. An open security platform that connects to your existing data sources to generate deeper insights and enables you to take automate...
DEBIAN-CVE-2024-26832
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix missing folio cleanup in writeback race path In zswapwritebackentry, after we get a folio from readswapcacheasync, we grab the tree lock again to check that the swap entry was not invalidated and recycled. If it wa...
Alf.io Code Issue Vulnerability
alf.io is open source ticket reservation system. A code issue vulnerability exists in versions prior to Alf.io 2.0-M4-2402 that stems from allowing users after invalidated/deleted to access administrative areas...
PT-2024-13219 · Ibm · Ibm Engineering Lifecycle Optimization - Publishing
Name of the Vulnerable Software and Affected Versions: IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 through 7.0.3 Description: The issue allows an authenticated user to impersonate another user on the system due to the failure to invalidate session after logout...
AnyDesk < 8.0.8 Invalidated Signing Certificate
A security update as been issued by the vendor advising their code signing certificate has changed on product versions less than 8.0.8. The vendor recommends updating to the latest version as the previous certificate will soon be invalidated. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc...
SUSE: Security Advisory (SUSE-SU-2023:4210-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-28316
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled...
CVE-2023-22492 RefreshToken invalidation vulnerability
ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The...
CVE-2022-40160
DISPUTED This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA...
UBUNTU-CVE-2022-40159
DISPUTED This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA...
CVE-2022-40159
DISPUTED This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA...
Security Bulletin: Vulnerabilities found in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2013-4002, CVE-2013-5409, CVE-2013-5405, CVE-2013-5406, CVE-2013-5407, CVE-2013-5411, CVE-2013-5413)
Abstract IBM Sterling B2B Integrator 5.2 and IBM Sterling File Gateway 2.2 are affected by multiple security vulnerabilities. These vulnerabilities include: - Denial of Service - SQL Injection - Cross-Site Scripting - Windows MHTML Cross-Site Scripting - Frame Injection - Link Injection -...
Code injection
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...