Freshworks Platform Input Validation Error Vulnerability
Freshworks Platform is a customer service software platform from Freshworks USA. An input validation error vulnerability exists in Freshworks Platform versions 1.2.3 and earlier, which stems from an open redirect due to a misbehavior of file/api/v2/logout with respect to the parameter...
php-saml
This is a PHP library for implementing SAML (Security Assertion Markup Language) authentication and authorization. It is a toolkit for adding SAML support to PHP software. The library is compatible with PHP 5.3.2 and later versions, and it uses the xmlseclibs library for XML encryption and...
Linux Distros Unpatched Vulnerability : CVE-2024-34007
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF. CVE-2024-34007 Note that...
SUSE CVE-2025-55162
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. Whe...
CVE-2025-55162
A flaw was found in Envoy. A session management flaw was discovered in how Envoy's OAuth2 filter handles user logouts. This could allow a user's session to remain active even after they have logged out, creating a risk of account hijacking on a shared computer. Mitigation Mitigation for this issu...
CVE-2025-55162
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. Whe...
CVE-2025-55162 Envoy: oAuth2 Filter Signout route will not clear cookies because of missing "secure;" flag
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. Whe...
Linux Distros Unpatched Vulnerability : CVE-2025-2596
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Session logout could be overwritten in Checkmk GmbH's Checkmk versions 2.3.0p30, 2.2.0p41, and 2.1.0p49 EOL CVE-2025-2596 Note that Nessus relies on the presenc...
CVE-2025-4643
Payload uses JSON Web Tokens (JWT) for authentication. After logout, the JWT is not invalidated, which allows an attacker who has stolen or intercepted a token to freely reuse it until its expiration date, which is set to 2 hours by default but can be changed. This issue has been fixed in version 3.44.0 of...
Linux Distros Unpatched Vulnerability : CVE-2021-3639
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by...
Linux Distros Unpatched Vulnerability : CVE-2022-30768
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Stored Cross-Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or...
Linux Distros Unpatched Vulnerability : CVE-2019-7313
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects...
GHSA-5V66-M237-HWF7 Payload does not invalidate JWTs after log out
Payload uses JSON Web Tokens (JWT) for authentication. After logout, the JWT is not invalidated, which allows an attacker who has stolen or intercepted a token to freely reuse it until its expiration date, which is set to 2 hours by default but can be changed. This issue has been fixed in version 3.44.0 of...
Payload does not invalidate JWTs after log out
Payload uses JSON Web Tokens (JWT) for authentication. After logout, the JWT is not invalidated, which allows an attacker who has stolen or intercepted a token to freely reuse it until its expiration date, which is set to 2 hours by default but can be changed. This issue has been fixed in version 3.44.0 of...
Insufficient Session Expiration
Overview: Payload is a Node, React and MongoDB headless CMS and application framework. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to invalidate JSON Web Tokens after user logout. An attacker can maintain unauthorised access by reusing a...
CVE-2025-4643
The CVE-2025-4643 issue affects Payload (Node/JS-based CMS). It stems from insufficient session expiration: after logout, JSON Web Tokens (JWTs) are not invalidated, enabling an attacker with a stolen/intercepted token to reuse it until expiration (default 2 hours, configurable). Affected behavio...