2340 matches found

Nuclei
added yesterday | 32 views

UC Gateway Investment SiteEngine v5.0 - Open Redirect

Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action. id: CVE-2008-7269 info: name: UC Gateway Investment SiteEngine v5.0 - Open...

5.8 CVSS | 5.7 AI score | 0.03464 EPSS
Exploits: 0 | References: 3

Nuclei
added yesterday | 43 views

EyouCMS 1.5.4 Open Redirect

EyouCMS 1.5.4 is vulnerable to an Open Redirect vulnerability. An attacker can redirect a user to a malicious url via the Logout function. id: CVE-2021-39501 info: name: EyouCMS 1.5.4 Open Redirect author: 0xAkoko severity: medium description: EyouCMS 1.5.4 is vulnerable to an Open Redirect...

6.1 CVSS | 6.3 AI score | 0.31906 EPSS
Exploits: 1 | References: 5

Nuclei
added yesterday | 2 views

User Registration & Membership WordPress plugin - Open Redirect

User Registration & Membership WordPress plugin = 5.1.4 contains an open redirect caused by insufficient validation of 'redirecttoonlogout' parameter, letting attackers redirect users to malicious external URLs after logout, exploit requires crafted URL. id: CVE-2026-6203 info: name: User...

6.1 CVSS | 5.4 AI score | 0.00759 EPSS
Exploits: 0 | References: 2

Nuclei
added yesterday | 28 views

Microweber < 1.2.11 - Open Redirection

Open Redirect in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0597 info: name: Microweber 1.2.11 - Open Redirection author: Farish severity: medium description: | Open Redirect in Packagist microweber/microweber prior to 1.2.11. impact: | Attackers can redirect users to malicious...

6.1 CVSS | 5.5 AI score | 0.00964 EPSS
Exploits: 1 | References: 4

RedhatCVE
added 2 days ago | 5 views

CVE-2025-57735

When a user logged out, the JWT token the user had authenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario...

9.1 CVSS | 5.4 AI score | 0.0003 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2 days ago | 3 views

CVE-2026-34454

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be...

3.5 CVSS | 5.4 AI score | 0.00011 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2 days ago | 4 views

CVE-2025-65954

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

6.1 CVSS | 5.4 AI score | 0.00009 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2 days ago | 3 views

CVE-2026-41126

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds...

4.3 CVSS | 5.5 AI score | 0.00011 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2 days ago | 4 views

CVE-2026-46401

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...

5.3 CVSS | 5.5 AI score | 0.00083 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2 days ago | 20 views

CVE-2026-46401 HAX CMS PHP has Insufficient Session Expiration

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...

5.3 CVSS | 0.00083 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2 days ago | 5 views

CVE-2026-44511

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

7.4 CVSS | 5.5 AI score | 0.00039 EPSS
Exploits: 0 | References: 1

GithubExploit
added 2 days ago | 32 views

Dirty-cow-exploit

System Documentation Architecture - Frontend: React 19...

7.2 CVSS | 6 AI score | 0.93929 EPSS
Exploits: 78

OSV
added 2 days ago | 4 views

BIT-AIRFLOW-2026-48726 Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoke_token call, so the JWT remained accepted by the API server...

9.1 CVSS | 5.6 AI score | 0.00039 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2 days ago | 9 views

PT-2026-47041

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An improper session termination issue exists where authentication tokens remain valid after a user logs out. This allows an attacker who possesses a valid token to maintain persistent access to...

5.3 CVSS | 5.5 AI score | 0.00083 EPSS
Exploits: 0 | References: 3

Snyk
added 6 days ago | 3 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the auth manager logout handling where previously-issued JWT tokens are left valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually...

6.9 CVSS | 5.5 AI score | 0.00039 EPSS
Exploits: 0 | References: 2

PyPA
added 6 days ago | 4 views

PYSEC-2026-187

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoke_token call, so the JWT remained accepted by the API server...

9.1 CVSS | 5.9 AI score | 0.00039 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 6 days ago | 3 views

PYSEC-2026-187

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoke_token call, so the JWT remained accepted by the API server...

6.5 CVSS | 5.9 AI score | 0.00039 EPSS
Exploits: 0 | References: 3

PyPA
added 6 days ago | 4 views

PYSEC-0000-CVE-2026-48726

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoke_token call, so the JWT remained accepted by the API server...

6.5 CVSS | 5.9 AI score | 0.00039 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 6 days ago | 12 views

CVE-2026-48726

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoke_token call, so the JWT remained accepted by the API server...

6.5 CVSS | 0.00039 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 6 days ago | 6 views

CVE-2026-48726

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoke_token call, so the JWT remained accepted by the API server...

9.1 CVSS | 5.9 AI score | 0.00039 EPSS
Exploits: 0 | References: 4