
26 matches found

CVE
added 2026/02/11 12:0 a.m. | 7 views

CVE-2025-64074

CVE-2025-64074 describes a path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 (version 23.09.27). A remote attacker can delete arbitrary files on the host by supplying a crafted session cookie value. The available documents do not provide concret...

5.3 CVSS | 5.8 AI score | 0.0037 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/10/26 4:14 p.m. | 3 views

CVE-2025-12278 Logout Functionality not Working

Logout Functionality not Working. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

6.9 CVSS | 0.00185 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-54090

Malicious code in bioql PyPI...

8.7 CVSS | 6.6 AI score | 0.00349 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 21 views

EUVD-2025-14242

Malicious code in bioql PyPI...

5.3 CVSS | 4.9 AI score | 0.0039 EPSS
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-4292

Malicious code in bioql PyPI...

6.1 CVSS | 6.4 AI score | 0.00957 EPSS
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-21181

Malicious code in bioql PyPI...

6.5 CVSS | 6.6 AI score | 0.00166 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 10 views

EUVD-2024-53100

Malicious code in bioql PyPI...

8.8 CVSS | 6.6 AI score | 0.0024 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-53101

Malicious code in bioql PyPI...

8.8 CVSS | 6.6 AI score | 0.00289 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/23 7:1 a.m. | 12 views

CVE-2024-56311

REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This...

8.8 CVSS | 7 AI score | 0.00289 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/03/16 7:12 p.m. | 25 views

CVE-2024-12245

Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

8.7 CVSS | 7.9 AI score | 0.00349 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/14 6:11 p.m. | 4 views

CVE-2024-12245 Blind SQL Injection in Logout

Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

8.7 CVSS | 8 AI score | 0.00349 EPSS
Exploits: 0 | References: 1

CVE
added 2025/03/14 6:11 p.m. | 44 views

CVE-2024-12245

CVE-2024-12245 describes a blind SQL injection flaw in the logout functionality that can be exploited by unauthenticated attackers via time-based techniques to disclose database contents. Several connected records reference this vulnerability with the same core description, noting potential accou...

8.7 CVSS | 8 AI score | 0.00349 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/03/14 6:11 p.m. | 26 views

CVE-2024-12245 Blind SQL Injection in Logout

Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

8.7 CVSS | 0.00349 EPSS
Exploits: 0 | References: 1

NVD
added 2024/09/26 4:15 a.m. | 28 views

CVE-2023-52947

Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logo...

4 CVSS | 0.00163 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/05/29 12:31 p.m. | 24 views

CVE-2024-25977 Session Fixation

The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser e.g. via XSS and prompt the victim to log in e.g. via a redirect to the login page. This results in the victim's account being taken over...

6.8 AI score | 0.00569 EPSS
Exploits: 1 | References: 3

CVE
added 2024/05/29 12:31 p.m. | 66 views

CVE-2024-25977

CVE-2024-25977 corresponds to a session-fixation vulnerability in the HAWKI interface (HAWK Digital Environments). The issue arises because the application does not change the session token on login/logout, allowing an attacker to set a victim’s token (e.g., via XSS) and prompt login, resulting i...

7.3 CVSS | 7.1 AI score | 0.00569 EPSS
Exploits: 1 | References: 3

CNVD
added 2024/02/22 12:0 a.m. | 6 views

IBM PowerSC Session Fixation Vulnerability

IBM PowerSC is an International Business Machines (IBM) security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from a session fixation vulnerability that stems from the failure to provide logout functionality, which could be exploited by an attacker to gain access to...

6.3 CVSS | 6.8 AI score | 0.00285 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/02/02 1:11 a.m. | 11 views

CVE-2023-50941 IBM PowerSC session fixation

IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131...

6.3 CVSS | 6.5 AI score | 0.00285 EPSS
Exploits: 0 | References: 2

Huntr
added 2023/10/13 6:39 a.m. | 46 views

Cross-Site Request Forgery Vulnerability in Logout Functionality

Description: Logout CSRF is a security vulnerability where an attacker forces a user to unknowingly log out of their session by tricking them into triggering a logout request through a malicious website or link. GET http://localhost:8080/logout Proof of Concept: history.pushState'', '', '/'...

6.8 CVSS | 6.9 AI score | 0.00318 EPSS
Exploits: 1 | References: 1

Huntr
added 2023/10/06 7:24 a.m. | 29 views

Cross-Site Request Forgery Vulnerability in Logout Functionality

Description: Logout CSRF is a security vulnerability where an attacker forces a user to unknowingly log out of their session by tricking them into triggering a logout request through a malicious website or link. The csrftoken for the logout interface is invalid, it is recommended to change it to...

6.8 CVSS | 6.9 AI score | 0.00428 EPSS
Exploits: 1 | References: 1