4 matches found
CVE-2025-59841
Flag Forge CTF’s CVE-2025-59841 describes a flaw in session invalidation for versions 2.2.0 through 2.3.0, allowing authenticated users to access protected endpoints (e.g., /api/profile) after logout and leaving CSRF tokens valid post-logout. The issue is mitigated by upgrading to version 2.3.1,...
CVE-2021-35342
The useradm service 1.14.0 in Northern.tech Mender Enterprise 2.7.x before 2.7.1 and 1.13.0 in Northern.tech Mender Enterprise 2.6.x before 2.6.1 allows users to access the system with their JWT token after logout, because of missing invalidation if the JWT verification cache is enabled...
CVE-2019-0352
In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages, such as JSP, are cached, which allows an attacker to see sensitive information via the cache and to open the dynamic pages even after logout...
Envoy: Authentication Bypass
During the testing I found that I was able to access the account section of the page even after logout. Screenshot attached for your reference which shows that account section is accessible after logout. Screenshot attached for your reference. Please let me know if you need more information on this. Cu...