CVE-2026-30224

Technical details for CVE-2026-30224 are not publicly provided in the provided documents; no affected product/version or remediation specifics are included beyond the initial description. Monitor for updates from official advisories.

CVE-2026-30224

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...

CVE-2026-30224 OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...

CVE-2026-30224 OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...

CVE-2026-30224 OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...

OliveTin 代码问题漏洞

OliveTin is an open-source web application developed by OliveTin. Versions of OliveTin prior to 300.11.1 had code vulnerabilities. These vulnerabilities stemmed from the lack of server-side session revocation when users log out, allowing attackers to continue authenticating after logging out usin...

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through improper handling of the Logout. An attacker can maintain unauthorized access by replaying a previously captured session cookie after a user logs out. Remediation Upgrade...

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through improper handling of the Logout. An attacker can maintain unauthorized access by replaying a previously captured session cookie after a user logs out. Remediation Upgrade...

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through improper handling of the Logout. An attacker can maintain unauthorized access by replaying a previously captured session cookie after a user logs out. Remediation Upgrade...

GHSA-GQ2M-77HF-VWGH OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session

Summary OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year. An attacker with a previously stolen or captured session cookie can continue authenticating...

OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session

Summary OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year. An attacker with a previously stolen or captured session cookie can continue authenticating...

CVE-2025-59786

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...

GHSA-XXPW-32HF-Q8V9 AVideo: Unauthenticated PHP session store exposed to host network via published memcached port

Summary The official docker-compose.yml publishes the memcached service on host port 11211 0.0.0.0:11211 with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data ...

AVideo: Unauthenticated PHP session store exposed to host network via published memcached port

Summary The official docker-compose.yml publishes the memcached service on host port 11211 0.0.0.0:11211 with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data ...

PT-2026-23614

Name of the Vulnerable Software and Affected Versions OliveTin versions prior to 3000.11.1 Description OliveTin does not properly invalidate server-side sessions upon user logout. Although the browser cookie is cleared during logout, the corresponding session remains valid in server storage until...

EUVD-2025-208279

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...

CVE-2025-59786

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...

CVE-2025-59786

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...

CVE-2025-59786 Cookies are not Invalidated upon Logout and Password Change

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...

CVE-2025-59786 Cookies are not Invalidated upon Logout and Password Change

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...