2348 matches found
CVE-2025-12390
A flaw was found in Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...
Red Hat build of Keycloak authorization issue vulnerability
Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. An authorization issue vulnerability exists in the Red Hat build of Keycloak that stems from session identifier reuse and improper cleanup upon logout, which could lead to a user accidentally obtaining another...
PT-2025-44156
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw exists in Keycloak that could allow a user to gain unintended access to another user's session when both users share the same device and browser. This occurs because Keycloak may reus...
CVE-2025-12278
Logout Functionality not Working. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
EUVD-2025-35946
Logout Functionality not Working. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12278
CVE-2025-12278 describes a logout functionality issue affecting Azure Access Technology’s BLU-IC2 and BLU-IC4 networked access controllers. Connected sources provide concrete details: affected products are BLU-IC2 and BLU-IC4, with versions through 1.19.5 (inclusive). The root cause is a logout f...
CVE-2025-12278 Logout Functionality not Working
Logout Functionality not Working. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
PT-2025-43753
Name of the Vulnerable Software and Affected Versions: BLU-IC2 versions through 1.19.5; BLU-IC4 versions through 1.19.5. Description: The logout functionality is not working as expected. Recommendations: Update BLU-IC2 to a version later than 1.19.5. Update BLU-IC4 to a version later than 1.19.5...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 security vulnerability
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which stems from a failed logout feature. No...
EUVD-2025-35926
The Password Policy Manager | Password Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'moppmajax' AJAX endpoint in all versions up to, and including, 2.0.5. This makes it possible for authenticated attackers, with...
CVE-2025-11255
The Password Policy Manager | Password Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'moppmajax' AJAX endpoint in all versions up to, and including, 2.0.5. This makes it possible for authenticated attackers, with...
CVE-2025-11255 Password Policy Manager | Password Manager <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Configuration Log Out
The Password Policy Manager | Password Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'moppmajax' AJAX endpoint in all versions up to, and including, 2.0.5. This makes it possible for authenticated attackers, with...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a premature logout of the ipvsftp module, which could lead to a use-after-free...
IBM Transformation Extender Advanced Logout Without Disabling Session Vulnerability
IBM Transformation Extender Advanced is a data transformation, validation and standardization tool from International Business Machines Corporation. IBM Transformation Extender Advanced suffers from a Logout Without Disabling Session vulnerability, which can be exploited by an attacker to...
CVE-2025-3930
Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date, which is set to 30 days by default but can be changed. The existence...
CVE-2025-47148
When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...
EUVD-2025-34751
Strapi is vulnerable to Insufficient Session Expiration...