
20 matches found

RedhatCVE
added 2026/03/08 1:44 a.m. | 5 views

CVE-2026-30224

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry (default ≈ 1 year)...

5.4 CVSS | 5.8 AI score | 0.00302 EPSS
Exploits 1 | References 1
NVD
added 2026/03/06 9:16 p.m. | 3 views

CVE-2026-30224

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry (default ≈ 1 year)...

5.4 CVSS | 0.00302 EPSS
Exploits 1 | References 3
Vulnrichment
added 2026/03/06 9:1 p.m. | 4 views

CVE-2026-30224 OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry (default ≈ 1 year)...

5.4 CVSS | 5.7 AI score | 0.00302 EPSS
Exploits 1 | References 3
CVE
added 2026/03/06 9:1 p.m. | 17 views

CVE-2026-30224

Technical details for CVE-2026-30224 are not publicly provided in the provided documents; no affected product/version or remediation specifics are included beyond the initial description. Monitor for updates from official advisories.

5.4 CVSS | 5.7 AI score | 0.00302 EPSS
Exploits 1 | References 3 | Affected Software 1
Positive Technologies
added 2026/03/05 12:0 a.m. | 7 views

PT-2026-23614

Name of the Vulnerable Software and Affected Versions: OliveTin versions prior to 3000.11.1. Description: OliveTin does not properly invalidate server-side sessions upon user logout. Although the browser cookie is cleared during logout, the corresponding session remains valid in server storage until...

9.9 CVSS | 5.8 AI score | 0.22162 EPSS
Exploits 68 | References 138
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2014-6046

Malware in sbrugna...

2.1 CVSS | 6.4 AI score | 0.00608 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2015-7975

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.01645 EPSS
Exploits 0 | References 6
Vulnrichment
added 2025/09/25 3:15 p.m. | 2 views

CVE-2025-59841 FlagForgeCTF's Improper Session Handling Allows Access After Logout

Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue to access protected endpoints, such as /api/profile, even after logging out. CSRF tokens are also still...

9.8 CVSS | 6.4 AI score | 0.00394 EPSS
Exploits 0 | References 2
SUSE CVE
added 2025/08/06 2:52 a.m. | 2 views

SUSE CVE-2025-53826

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.39.0, File Browser's authentication system issues long-lived JWT tokens that remain valid even after the user logs out. As of time of...

9.8 CVSS | 6.9 AI score | 0.00498 EPSS
Exploits 1 | References 2
SUSE CVE
added 2025/05/10 2:52 a.m. | 0 views

SUSE CVE-2025-46336

Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a lo...

4.2 CVSS | 6.8 AI score | 0.00271 EPSS
Exploits 0 | References 3
Hacker One
added 2025/03/27 8:49 a.m. | 8 views

Hiro: Logout Bypass Vulnerability in Hiro.so

Summary: A logout bypass vulnerability has been identified on platform.hiro.so, allowing users to regain access to their session after logging out simply by pressing the back button on the browser. This issue arises due to improper session invalidation and potential caching misconfigurations. If...

6.5 AI score
Exploits 0
CNNVD
added 2023/02/11 12:0 a.m. | 3 views

DataHub Code Issue Vulnerability

DataHub is datahub-project's open source metadata platform for a modern data stack. DataHub suffers from a code issue vulnerability that stems from the fact that session cookies are only cleared on a new login event, not on a logout event, and any logged out session cookies could be considered vali...

9.8 CVSS | 8.4 AI score | 0.00372 EPSS
Exploits 0 | References 3
Github Security Blog
added 2022/05/17 2:36 a.m. | 29 views

phpMyAdmin Bypass logout timeout

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions prior to 4.6.5, and 4.4.x versions prior to 4.4.15.9 are affected...

5.3 CVSS | 7 AI score | 0.01341 EPSS
Exploits 0 | References 5 | Affected Software 1
OSV
added 2022/05/17 2:36 a.m. | 21 views

GHSA-R2VW-P77F-VC27 phpMyAdmin Bypass logout timeout

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions prior to 4.6.5, and 4.4.x versions prior to 4.4.15.9 are affected...

5.3 CVSS | 5.2 AI score | 0.01341 EPSS
Exploits 0 | References 5
Huntr
added 2022/01/07 8:53 a.m. | 16 views

Cross-Site Request Forgery (CSRF) in liukuo362573/yishaadmin

Description: An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept: history.pushState('', '', '/') document.forms[0].submit(); Impact: This vulnerability is capable of forging users to unintentional logout. More details: One way GET could be abused here i...

0.7 AI score
Exploits 0
CNVD
added 2017/10/13 12:0 a.m. | 3 views

ProMinent MultiFLEX M10a Controller Authentication Bypass Vulnerability

The MultiFLEX M10a Controller is a water treatment controller. An authentication bypass vulnerability exists in ProMinent MultiFLEX M10a Controller, where the logout feature in the application deletes a user's session on the client side only. An attacker can exploit the vulnerability to bypass...

6.8 CVSS | 6.2 AI score | 0.00934 EPSS
Exploits 0 | References 1
OSV
added 2016/12/11 2:59 a.m. | 2 views

DEBIAN-CVE-2016-9851

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions prior to 4.6.5, and 4.4.x versions prior to 4.4.15.9 are affected...

5.3 CVSS | 7.1 AI score | 0.01341 EPSS
Exploits 0 | References 1
Hacker One
added 2016/06/25 3:0 p.m. | 23 views

FantasyTote: Bypass logout

Hi again, you can log out any user by sending him this link: PoC link: https://www.fantasytote.com/logout...

Exploits 0
CNVD
added 2015/11/10 12:0 a.m. | 2 views

Drupal Login Disable Module Security Bypass Vulnerability

Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Login Disable is one of the modules that provides login denial functionality. A security vulnerability exists in the Drupal Login Disable module in versions 6.x-1.1 prior to 6.x-1.x and...

7.5 CVSS | 7.1 AI score | 0.01645 EPSS
Exploits 0 | References 1
Hacker One
added 2015/04/03 6:32 a.m. | 26 views

Slack: Logout any user of same team

It is possible for a user to log out another member of the same team even if they had selected the "Keep me signed in" option. Steps to Verify: 1. Log in to your team, i.e. https://yourteamname.slack.com. 2. On a new tab in the same browser, request a URL which would be like...

7.1 AI score
Exploits 0