17 matches found

CNNVD
added 2026/05/06 12:0 a.m. | 5 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from insufficient TLB invalidation during memory compression in the Alpha architecture. This...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00017
Exploits: 0 | References: 1

CNNVD
added 2026/01/14 12:0 a.m. | 5 views

ARM CPU security vulnerability

ARM CPUs are a family of central processing units from the British company ARM. The ARM CPUs suffer from a security vulnerability that stems from the possibility that the CPP RCTX instruction may inhibit TLB invalidation, causing the PE to retain stale TLB entries that should be invalidated by TL...

CVSS: 7.9 | AI score: 6.7 | EPSS: 0.00008
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-14680

Malicious code in bioql PyPI...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.00206
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-42139

Malicious code in bioql PyPI...

CVSS: 8.1 | AI score: 8.1 | EPSS: 0.00145
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-19919

Malicious code in bioql PyPI...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.00066
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-16186

Malicious code in bioql PyPI...

CVSS: 5.6 | AI score: 6.6 | EPSS: 0.00062
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:55 a.m. | 3 views

CVE-2024-29070

On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout. Mitigation: all users...

CVSS: 9.1 | AI score: 7 | EPSS: 0.00158
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:29 a.m. | 4 views

CVE-2023-38018

IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574...

CVSS: 6.3 | AI score: 6.4 | EPSS: 0.00072
Exploits: 0

NVD
added 2025/04/18 5:15 p.m. | 12 views

CVE-2025-28059

An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke...

CVSS: 7.5 | EPSS: 0.01035
Exploits: 0 | References: 2

OSV
added 2025/04/14 3:31 p.m. | 7 views

GHSA-6RQH-8465-2XCW Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot, which allows an attacker to log in to the bot exactly one time via normal credentials...

CVSS: 5.4 | AI score: 6.8 | EPSS: 0.00141
Exploits: 0 | References: 9

Github Security Blog
added 2025/04/14 3:31 p.m. | 11 views

Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot, which allows an attacker to log in to the bot exactly one time via normal credentials...

CVSS: 5.4 | AI score: 6.7 | EPSS: 0.00141
Exploits: 0 | References: 9 | Affected Software: 1

Vulnrichment
added 2025/04/14 8:18 a.m. | 8 views

CVE-2025-24859 Apache Roller: Insufficient Session Expiration on Password Change

A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This...

CVSS: 2.1 | AI score: 6.6 | EPSS: 0.00079
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/05 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2023-46837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes...

CVSS: 3.3 | AI score: 5.8 | EPSS: 0.00081
Exploits: 0 | References: 3

Vulnrichment
added 2023/05/16 4:0 p.m. | 7 views

CVE-2023-32997

Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login...

AI score: 8.7 | EPSS: 0.00803
Exploits: 0 | References: 1

Vulnrichment
added 2023/01/24 12:0 a.m. | 6 views

CVE-2023-24444

Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login...

AI score: 7.1 | EPSS: 0.01577
Exploits: 0 | References: 1

ATTACKERKB
added 2022/10/06 12:0 a.m. | 2 views

CVE-2022-41291

IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00118
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2022/01/05 12:0 a.m. | 2 views

Shopware code issue vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. A trust management issue vulnerability exists in versions of Shopware prior to 5.7.7, which stems from the fact that Shopware does not invalidate a user's session when a password is changed. An attacker could...

CVSS: 8.1 | AI score: 5.7 | EPSS: 0.00303
Exploits: 0 | References: 3