2346 matches found
CVE-2025-36063
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36063
The vulnerability CVE-2025-36063 affects IBM Sterling Connect:Express Adapter for Sterling B2B Integrator, version 5.2.0.00–5.2.0.12. The root cause is that the adapter does not invalidate the user session after logout, potentially allowing an authenticated user to impersonate another user in the...
CVE-2025-36063
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36063 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system...
Turbo security vulnerabilities
Turbo is a code development tool open source by Hotwire. Versions of Turbo prior to 8.0.x contained security vulnerabilities. These vulnerabilities stemmed from race conditions in the turbo-frame element handler, which could lead to failed logouts and the reapplication of session cookies after a...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
PT-2026-3587
Name of the Vulnerable Software and Affected Versions IBM Sterling Connect:Express Adapter for Sterling B2B Integrator versions 5.2.0.00 through 5.2.0.12 Description The software does not invalidate session data after a user logs out. This could potentially allow an authenticated user to...
PT-2026-3642
Name of the Vulnerable Software and Affected Versions Hotwired Turbo versions prior to 8.0.0 Description A race condition exists in the turbo-frame element handler. This issue can cause logout operations to fail when delayed frame responses reapply session cookies after a user has logged out...
CVE-2025-66803
CVE-2025-66803 describes a race condition in the turbo-frame element handler of Hotwired Turbo (pre-8.0.x). The issue can cause logout operations to fail when delayed frame responses reapply session cookies, enabling exploitation by delaying HTTP responses (network delays) or naturally on shared ...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
MiracleLinux 7 : mod_auth_openidc-1.8.8-7.el7 (AXSA:2020-741:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-741:01 advisory. modauthopenidc: Open redirect in logout url when using URLs with leading slashes CVE-2019-14857 modauthopenidc: Open redirect issue exists in URLs wi...
CVE-2026-23646 OpenProject users can delete other user's session, causing them to be logged out
OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end their active sessions via Account Settings → Sessions. When deleting a session, it was not properly checked if the session belongs to the...
CVE-2026-23646 OpenProject users can delete other user's session, causing them to be logged out
OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end their active sessions via Account Settings → Sessions. When deleting a session, it was not properly checked if the session belongs to the...
📄 Chamillo LMS 1.11.2 Missing Cache Header
Chamillo LMS version 1.11.2 is missing a cache header that leads to information disclosure. CVE-2025-69581 An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing...
CVE-2025-69581
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...
CVE-2025-69581
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...
CVE-2025-69581
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...
CVE-2025-69581
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...
CVE-2025-69581
Chamillo LMS 1.11.2 has a data exposure flaw on the Social Network /personal_data endpoint due to missing cache-control headers. This allows unauthorized users on the same device to view full sensitive user data after logout (via the browser back button). Root cause: improper cache control. Impac...