EUVD-2023-45108

Malicious code in bioql PyPI...

EUVD-2022-4609

Malicious code in bioql PyPI...

CVE-2023-49881

IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

CVE-2023-49881

IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

CVE-2023-49881 IBM Transformation Extender Advanced session fixation

IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

CVE-2023-49881 IBM Transformation Extender Advanced session fixation

IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

CVE-2023-49881

CVE-2023-49881 affects IBM Transformation Extender Advanced 10.0.1. The root cause is that the product does not invalidate the user session after logout, enabling an authenticated user to impersonate another user on the system. Concretely, multiple connected sources corroborate this issue across ...

IBM Transformation Extender Advanced 代码问题漏洞

IBM Transformation Extender Advanced is a data transformation, validation and standardization tool software from International Business Machines IBM. A code issue vulnerability exists in IBM Transformation Extender Advanced version 10.0.1 that stems from a failure to disable a session after loggi...

PT-2025-40275

Name of the Vulnerable Software and Affected Versions IBM Transformation Extender Advanced version 10.0.1 Description The software does not invalidate the session after a user logs out. This could allow an authenticated user to impersonate another user on the system. Recommendations At the moment...

CVE-2025-54592

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not properly terminate the session during logout. After a user logs out, the session cookie remains active and unchanged. The unchanged cookie could be reused by an attacker if a new session were to be started. This...

CVE-2025-54592

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not properly terminate the session during logout. After a user logs out, the session cookie remains active and unchanged. The unchanged cookie could be reused by an attacker if a new session were to be started. This...

CVE-2025-54592

Vulnerability overview: FreshRSS

CVE-2025-54592 FreshRSS has Incomplete Session Termination on Logout

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not properly terminate the session during logout. After a user logs out, the session cookie remains active and unchanged. The unchanged cookie could be reused by an attacker if a new session were to be started. This...

CVE-2025-54592 FreshRSS has Incomplete Session Termination on Logout

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not properly terminate the session during logout. After a user logs out, the session cookie remains active and unchanged. The unchanged cookie could be reused by an attacker if a new session were to be started. This...

CVE-2025-54592 FreshRSS has Incomplete Session Termination on Logout

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not properly terminate the session during logout. After a user logs out, the session cookie remains active and unchanged. The unchanged cookie could be reused by an attacker if a new session were to be started. This...

FreshRSS 代码问题漏洞

FreshRSS is a free, self-hosted RSS aggregator from FreshRSS Open Source. A code issue vulnerability exists in FreshRSS 1.26.3 and prior versions that stems from a failure to properly terminate a session when logging out, which could lead to session hijacking and fixed vulnerabilities...

PT-2025-39903

Name of the Vulnerable Software and Affected Versions FreshRSS versions 1.26.3 and below Description FreshRSS does not properly end a user session when they log out. The session cookie remains active and can be reused by an attacker to start a new session, potentially leading to session hijacking...

CVE-2025-59841

Flag Forge is a Capture The Flag CTF platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue to access protected endpoints, such as /api/profile, even after logging out. CSRF tokens are also still...

Improper Session Invalidation

payload is vulnerable to Improper Session Invalidation. The vulnerability is due to JSON Web Tokens JWT not being invalidated after logout, which allows an attacker who has stolen or intercepted a token to reuse it until its expiration...

CVE-2025-59841

Flag Forge is a Capture The Flag CTF platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue to access protected endpoints, such as /api/profile, even after logging out. CSRF tokens are also still...