2 matches found
CVE-2025-4643
The CVE-2025-4643 issue affects Payload (Node/JS-based CMS). It stems from insufficient session expiration: after logout, JSON Web Tokens (JWTs) are not invalidated, enabling an attacker with a stolen/intercepted token to reuse it until expiration (default 2 hours, configurable). Affected behavio...
PT-2024-13219 · Ibm · Ibm Engineering Lifecycle Optimization - Publishing
Name of the Vulnerable Software and Affected Versions: IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 through 7.0.3 Description: The issue allows an authenticated user to impersonate another user on the system due to the failure to invalidate session after logout...