CVE-2026-44511

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

EUVD-2026-30329

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

CVE-2026-6203

The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirecttoonlogout' GET parameter before redirecting users. The redirecttoonlogout GET paramet...

CVE-2025-57735

When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario...

OliveTin 代码问题漏洞

OliveTin is an open-source web application developed by OliveTin. Versions of OliveTin prior to 300.11.1 had code vulnerabilities. These vulnerabilities stemmed from the lack of server-side session revocation when users log out, allowing attackers to continue authenticating after logging out usin...

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through improper handling of the Logout. An attacker can maintain unauthorized access by replaying a previously captured session cookie after a user logs out. Remediation Upgrade...

CVE-2025-64074

A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value...

CVE-2025-64074

A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value...

CVE-2025-64074

A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value...

CVE-2025-64074

A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value...

PT-2026-7740

A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value...

CVE-2025-64074

A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value...

CVE-2024-43181 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

CVE-2024-43181 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

PT-2026-3305

Name of the Vulnerable Software and Affected Versions Chamillo LMS version 1.11.2 Description The Social Network /personal data API endpoint in Chamillo LMS does not implement proper cache control, leading to exposure of full sensitive user information even after logout. Utilizing the browser bac...

CVE-2025-59949

CVE-2025-59949 affects FreshRSS prior to version 1.27.1. The root cause is a logout-related cross-site request forgery (CSRF) flaw that can lead to a denial of service (DoS) via the logout process (described as vulnerability via ). The affected component is the logout flow in FreshRSS’s web inter...

PT-2025-52281

FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via . Version 1.27.1 patches the issue...

CVE-2025-66963

An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local attacker to obtain sensitive information via the Logout option in the index.html...

CVE-2025-66963

An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local attacker to obtain sensitive information via the Logout option in the index.html...

Improper Authentication

Strapi is vulnerable to improper authentication. The vulnerability is due to JSON Web Tokens not being invalidated after logout or deactivation, along with a publicly accessible /admin/renew-token endpoint, which allows an attacker to reuse or indefinitely renew stolen tokens to maintain...