2345 matches found
CVE-2025-64074
CVE-2025-64074 concerns Shenzhen Zhibotong Electronics ZBT WE2001 (firmware version 23.09.27). A path-traversal vulnerability in the logout functionality could allow remote attackers to delete arbitrary host files by supplying a crafted session cookie value. The description does not specify affec...
CVE-2025-64074
A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value...
ZBT WE2001 Security Vulnerability
ZBT WE2001 is a wireless router produced by ZBT Technology Co., Ltd. Version 23.09.27 of ZBT WE2001 contains a security vulnerability. It stems from a path traversal flaw in the logout function, which could allow remote attackers to delete any file on the host...
PT-2026-7740
A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value...
CVE-2024-43181
IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...
EUVD-2024-55397
IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...
CVE-2024-43181 Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...
CVE-2024-43181
IBM Concert Software versions 1.0.0–2.1.0 do not invalidate sessions after logout, enabling an authenticated user to impersonate another user. Red Hat and ENISA entries confirm this behavior across multiple feeds. Root cause: insufficient session invalidation on logout. Impact: potential account ...
PT-2026-5867
Name of the Vulnerable Software and Affected Versions: IBM Concert versions 1.0.0 through 2.1.0. Description: The software does not invalidate user sessions after logout. This could allow an authenticated user to impersonate another user on the system. Recommendations: Update to a version later than...
IBM Concert Code Issue Vulnerability
IBM Concert is a new tool from International Business Machines (IBM) that uses generative AI to help manage complex cloud-native applications. An access control error vulnerability exists in IBM Concert that stems from a failure to disable a session after logging out, which could be exploited ...
CVE-2025-11598
In the mObywatel iOS application, an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended (reopening the app would require the user to log in). The data exposed depends on the last application view...
WordPress Login Logout Register Menu plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Login Logout Register Menu versions <= 2.0...
CVE-2026-0832
The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny use...
CVE-2026-0832 New User Approve <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure
The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny use...
EUVD-2026-4914
The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny use...