121 matches found

Tenable Nessus
added 2026/05/22 12:0 a.m. | 9 views

Unity Linux 20.1070e Security Update: gnome-shell (UTSA-2026-016740)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016740 advisory. An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappea...

CVSS 4.3 | AI score 6.8 | EPSS 0.00142
Exploits: 1 | References: 4
Vulnrichment
added 2026/05/14 4:17 p.m. | 3 views

CVE-2026-44511 Katalyst Koi: Session cookies can be replayed after user logout

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

CVSS 7.4 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 1
EUVD
added 2026/02/05 12:31 a.m. | 3 views

EUVD-2024-55397

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

CVSS 6.3 | AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 2
Github Security Blog
added 2026/01/20 6:58 p.m. | 7 views

Turbo Frame responses can restore stale session cookies

Summary: A race condition in Turbo Frames allows delayed HTTP responses to restore stale session cookies after session-modifying operations. Details: Browsers automatically process Set-Cookie headers from HTTP responses. When a Turbo Frame request is in-flight during a session-modifying action such...

CVSS 4.8 | AI score 5.6 | EPSS 0.00063
Exploits: 1 | References: 7 | Affected Software: 1
RedhatCVE
added 2026/01/09 9:29 a.m. | 3 views

CVE-2023-50941

IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131...

CVSS 6.3 | AI score 6.5 | EPSS 0.0003
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 8:45 a.m. | 13 views

CVE-2025-40566

A vulnerability has been identified in SIMATIC PCS neo V4.1 All versions V4.1 Update 3, SIMATIC PCS neo V5.0 All versions V5.0 Update 1. Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session...

CVSS 9.8 | AI score 7 | EPSS 0.00206
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/07 9:27 a.m. | 6 views

CVE-2019-12421

When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out t...

CVSS 8.8 | AI score 7 | EPSS 0.00559
Exploits: 0 | References: 1
CVE
added 2025/12/01 3:17 p.m. | 12 views

CVE-2025-11699

CVE-2025-11699 affects nopCommerce: versions 4.70 and earlier, and 4.80.3, fail to invalidate session cookies after logout, enabling a valid session cookie to access privileged endpoints (e.g., /admin) post-logout and risk session hijacking. The data indicates that any version above 4.70 that is ...

CVSS 7.1 | AI score 6.5 | EPSS 0.00031
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2025/11/18 6:16 p.m. | 2 views

CVE-2025-56643

Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...

CVSS 9.1 | AI score 6.9 | EPSS 0.00127
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/18 12:0 a.m. | 1 views

PT-2025-47368

Name of the Vulnerable Software and Affected Versions: Wiki.js version 2.5.307. Description: Wiki.js does not properly revoke or invalidate active JWT tokens when a user logs out. This allows previously issued tokens to remain valid and be reused to access the system, even after logout. The issue...

CVSS 9.1 | AI score 6.7 | EPSS 0.00127
Exploits: 0 | References: 3
CVE
added 2025/11/18 12:0 a.m. | 11 views

CVE-2025-56643

CVE-2025-56643 affects Wiki.js 2.5.307. The root cause is in the authentication resolver logic, where active JWT tokens are not properly revoked or invalidated on user logout. This leaves previously issued tokens valid for GraphQL and logout endpoints, enabling potential unauthorized access if a ...

CVSS 9.1 | AI score 6.6 | EPSS 0.00127
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/11/18 12:0 a.m. | 4 views

CVE-2025-56643

Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...

EPSS 0.00127
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/06 12:0 a.m. | 5 views

PT-2025-45393

Name of the Vulnerable Software and Affected Versions: Red Hat Single Sign-On (affected versions not specified). Description: An Open Redirect issue exists in Red Hat Single Sign-On during the logout process. The redirect uri parameter within the openid-connect logout protocol does not properly valida...

CVSS 6.1 | AI score 6.3 | EPSS 0.00029
Exploits: 0 | References: 7
EUVD
added 2025/10/26 6:30 p.m. | 3 views

EUVD-2025-35946

Logout Functionality not Working. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS 6.9 | AI score 6.5 | EPSS 0.00059
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/26 12:0 a.m. | 3 views

PT-2025-43753

Name of the Vulnerable Software and Affected Versions: BLU-IC2 versions through 1.19.5; BLU-IC4 versions through 1.19.5. Description: The logout functionality is not working as expected. Recommendations: Update BLU-IC2 to a version later than 1.19.5. Update BLU-IC4 to a version later than 1.19.5...

CVSS 6.9 | AI score 6.7 | EPSS 0.00059
Exploits: 0 | References: 5
CNNVD
added 2025/10/16 12:0 a.m. | 3 views

Strapi Code Issue Vulnerability

Strapi is an open source content management system (CMS) from the French strapi community. A code issue vulnerability exists in Strapi versions prior to 5.24.1, which stems from the failure to invalidate the JWT after logging out or deactivating an account and the presence of the /admin/renew-token...

CVSS 6.3 | AI score 6.8 | EPSS 0.00065
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-24344

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.0019
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-22826

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.00275
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2011-1328

Malware in sbrugna...

CVSS 6.8 | AI score 6.2 | EPSS 0.00478
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-16143

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.0042
Exploits: 0 | References: 2