2345 matches found
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the ValidateEncodedLogoutRequestPOST function. An attacker can terminate arbitrary user sessions by sending a forged, unsigned SAML LogoutRequest to the Single Logout endpoint, even...
GHSA-PCGW-QCV5-H8CH Unsigned SAML LogoutRequest Acceptance in gosaml2
Summary The ValidateEncodedLogoutRequestPOST function in gosaml2 accepts completely unsigned SAML LogoutRequest messages even when SkipSignatureValidation is set to false. When validateElementSignature returns dsig.ErrMissingSignature, the code in decodelogoutrequest.go:60-62 silently falls throu...
DRUPAL-CONTRIB-2026-030
This module provides a site administrator the ability to log users out after a specified time of inactivity. The module doesn't sufficiently protect its routes from cross-site request forgery CSRF, allowing the logout route to be triggered without user interaction...
Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030
This module provides a site administrator the ability to log users out after a specified time of inactivity. The module doesn't sufficiently protect its routes from cross-site request forgery CSRF, allowing the logout route to be triggered without user interaction...
PT-2026-26218
Name of the Vulnerable Software and Affected Versions Drupal Automated Logout versions 0.0.0 through 1.6.9 Drupal Automated Logout versions 2.0.0 through 2.0.1 Description The Automated Logout module for Drupal does not adequately protect its routes against Cross-Site Request Forgery CSRF. This...
EUVD-2025-208693
Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...
CVE-2025-15553
Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...
CVE-2025-15553 Insecure Logout Functionality in Truesec LAPSWebUI
Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...
CVE-2025-15553 Insecure Logout Functionality in Truesec LAPSWebUI
Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...
CVE-2025-15553
CVE-2025-15553 affects Truesec LAPSWebUI, with insecure logout functionality prior to version 2.4. The issue enables privilege escalation when an attacker with workstation access can obtain the local admin password, exposing HIGH confidentiality and HIGH integrity impact on the targeted system. R...
CVE-2025-15553
Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...
PT-2026-25676
Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...
Truesec LAPSWebUI 安全漏洞
Truesec LAPSWebUI is a web-based management interface provided by the Swedish company Truesec. Versions of Truesec LAPSWebUI prior to version 2.4 contained security vulnerabilities. These vulnerabilities stemmed from a malfunctioning logout function, which could allow attackers to gain elevated...
GO-2026-4623 OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session in github.com/OliveTin/OliveTin
OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session in github.com/OliveTin/OliveTin. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
Advantech ADAM-5630 Use of Persistent Cookies Containing Sensitive Information (CVE-2024-39275)
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user. This plugin...
CVE-2026-30224
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...
CVE-2026-30224
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...
CVE-2026-30224
Technical details for CVE-2026-30224 are not publicly provided in the provided documents; no affected product/version or remediation specifics are included beyond the initial description. Monitor for updates from official advisories.
CVE-2026-30224
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...
CVE-2026-30224 OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...