2356 matches found
CVE-2025-11255
The Password Policy Manager | Password Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'moppmajax' AJAX endpoint in all versions up to, and including, 2.0.5. This makes it possible for authenticated attackers, with...
CVE-2025-11255 Password Policy Manager | Password Manager <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Configuration Log Out
The Password Policy Manager | Password Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'moppmajax' AJAX endpoint in all versions up to, and including, 2.0.5. This makes it possible for authenticated attackers, with...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a premature logout of the ipvsftp module, which could lead to reuse after release...
IBM Transformation Extender Advanced Logout Without Disabling Session Vulnerability
IBM Transformation Extender Advanced A data transformation, validation and standardization tool software from International Business Machines Corporation. IBM Transformation Extender Advanced suffers from a Logout Without Disabling Session vulnerability, which can be exploited by an attacker to...
CVE-2025-3930
Strapi uses JSON Web Tokens JWT for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date which is set to 30 days by default, but can be changed. The existence...
CVE-2025-47148
When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...
EUVD-2025-34751
Strapi is vulnerable to Insufficient Session Expiration...
Insufficient Session Expiration
Overview @strapi/admin is a Strapi Admin Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to invalidate JWT after logout or account deactivation. An attacker can maintain unauthorized access by reusing a stolen or intercepted token until it...
Strapi is vulnerable to Insufficient Session Expiration
Strapi uses JSON Web Tokens JWT for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date which is set to 30 days by default, but can be changed. The existence...
CVE-2025-3930
Strapi uses JSON Web Tokens JWT for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date which is set to 30 days by default, but can be changed. The existence...
CVE-2025-3930 Lack of JWT Expiration after Log Out in Strapi
Strapi uses JSON Web Tokens JWT for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date which is set to 30 days by default, but can be changed. The existence...
CVE-2025-3930
Strapi is affected by CVE-2025-3930 due to improper JWT handling: after logout or account deactivation, tokens are not invalidated, enabling an attacker to reuse stolen or intercepted tokens until their expiry. The presence of the publicly accessible /admin/renew-token endpoint further enables ne...
Strapi 代码问题漏洞
Strapi is an open source content management system CMS from the French strapi community. A code issue vulnerability exists in Strapi versions prior to 5.24.1, which stems from the failure to invalidate the JWT after logging out or deactivating an account and the presence of the /admin/renew-token...
EUVD-2025-34655
When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...
CVE-2025-47148
When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...
CVE-2025-47148
When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...
CVE-2025-47148
CVE-2025-47148 affects BIG-IP with APM/SSL Orchestrator when configured as both SAML SP and IdP with SLO enabled; undisclosed requests can cause memory resource exhaustion, leading to DoS on the BIG-IP data plane. F5’s October 2025 security bundle K000156572 provides fixes across multiple branche...
CVE-2025-47148 BIG-IP APM and SSL Orchestrator vulnerability
When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...
CVE-2025-47148 BIG-IP APM and SSL Orchestrator vulnerability
When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...
F5 Networks BIG-IP : BIG-IP APM and SSL Orchestrator vulnerability (K000148816)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000148816 advisory. When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service...