CVE-2025-4643 Lack of JWT Expiration after Log Out in PayloadCMS
Payload uses JSON Web Tokens (JWT) for authentication. After logout the JWT is not invalidated, which allows an attacker who has stolen or intercepted a token to reuse it freely until its expiration time, which is 2 hours by default but can be changed. This issue has been fixed in version 3.44.0 of...
Payload code issue vulnerability
Payload is a headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Payload has a code issue vulnerability that stems from the JWT not being invalidated after logout, which could lead to token reuse...
PT-2025-35200
Name of the Vulnerable Software and Affected Versions: Payload versions prior to 3.44.0 Description: Payload utilizes JSON Web Tokens JWT for authentication. Following a user logout, the JWT is not invalidated, enabling an attacker who has obtained a valid token—through theft or interception—to...
Linux Distros Unpatched Vulnerability : CVE-2018-11406
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x befor...
Linux Distros Unpatched Vulnerability : CVE-2016-9851
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions prior to 4.6.5, an...
Linux Distros Unpatched Vulnerability : CVE-2012-5868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover...
Linux Distros Unpatched Vulnerability : CVE-2024-52948
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Security: CVE-2024-52948, CSRF on 2FA registration - Security: open redirect vulnerability in logout (CVE-2024-52948). Note that Nessus relies on the presence of the...
Linux Distros Unpatched Vulnerability : CVE-2025-46336
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, a...
Linux Distros Unpatched Vulnerability : CVE-2021-32786
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users...
Linux Distros Unpatched Vulnerability : CVE-2025-32441
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a...
nopCommerce 4.10 / 4.80.3 Session Invalidation
nopCommerce versions 4.10 and 4.80.3 are vulnerable to insufficient invalidation of session cookies: the application does not properly invalidate or expire authentication cookies after logout or session termination. nopCommerce v4.10 and 4.80.3 is vulnerable to Insufficient Invalidation of Sessio...
CVE-2025-27847
In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout...
PT-2025-33296 · Espec North America · Espec North America Web Controller
Name of the Vulnerable Software and Affected Versions: ESPEC North America Web Controller versions prior to 3.3.8 Description: The web controller does not revoke user session privileges upon logout via the /api/v4/auth/ endpoint, potentially allowing continued access. Recommendations: Update to...
ESPEC North America Web Controller 3 security vulnerability
ESPEC North America Web Controller 3 is laboratory equipment monitoring software from ESPEC North America, Inc. A security vulnerability exists in ESPEC North America Web Controller versions prior to 3.3.8 that originates from user session privileges not being revoked upon logout...
CVE-2025-27847
CVE-2025-27847 affects ESPEC North America Web Controller 3 (prior to 3.3.8). The issue is that user session privileges are not revoked on logout via the /api/v4/auth/ endpoint, which can allow continued access after logout. CVSS v3.1 metrics indicate a Medium impact with Privileges Required: Non...
CVE-2025-8737
A vulnerability classified as problematic was found in zlt2000 microservices-platform up to 6.0.0. It affects the function onLogoutSuccess in the file src/main/java/com/central/oauth/handler/OauthLogoutSuccessHandler.java. Manipulation of the argument redirecturl leads to open...
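A logout success handler that forwards the caller to whatever URL a request parameter names is the shape of bug behind this entry and the Nessus "open redirect vulnerability in logout" line above. The check below is an added example written for this page, not the project's own code or patch, and uses the WHATWG URL parser built into Node; the origin, fallback path and parameter value are constructed demo values.

```javascript
// Added example (not zlt2000's code) of the check an open-redirect-safe logout
// handler needs: the redirect parameter is honoured only when it resolves to a
// URL on our own origin; anything else is replaced by a fixed fallback.
const OUR_ORIGIN = "https://app.example"; // assumption: the service's public origin

function safeLogoutRedirect(requested, origin = OUR_ORIGIN, fallback = "/login") {
  const safeDefault = new URL(fallback, origin).href;
  if (typeof requested !== "string" || requested.trim() === "") return safeDefault;
  let target;
  try {
    // Relative paths resolve against our origin; absolute URLs keep their own.
    target = new URL(requested, origin);
  } catch {
    return safeDefault; // unparseable input
  }
  // Rejects "https://evil.example", "//evil.example", "\\evil.example" and
  // "/\evil.example" (a backslash is a slash in WHATWG parsing for http(s)),
  // "https://app.example@evil.example" (userinfo trick) and "javascript:..."
  // (origin "null"), because none of them resolve to our origin.
  if (target.origin !== origin) return safeDefault;
  // Return the absolute form. Returning only target.pathname would let a path
  // such as "//evil.example" become a protocol-relative Location header.
  return target.href;
}
```

Comparing `origin` rather than matching the host as a string is what makes the userinfo, scheme and backslash variants fall out of the same check; an allowlist of full URLs is the stricter option when the set of valid post-logout destinations is small.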