2352 matches found
CVE-2025-27847
In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout...
CVE-2025-27847
CVE-2025-27847 affects ESPEC North America Web Controller 3 (prior to 3.3.8). The issue is that user session privileges are not revoked on logout via the /api/v4/auth/ endpoint, which can allow continued access after logout. CVSS v3.1 metrics indicate a Medium impact with Privileges Required: Non...
CVE-2025-8737
A vulnerability, which was classified as problematic, was found in zlt2000 microservices-platform up to 6.0.0. This affects the function onLogoutSuccess of the file src/main/java/com/central/oauth/handler/OauthLogoutSuccessHandler.java. The manipulation of the argument redirecturl leads to open...
CVE-2025-8737 zlt2000 microservices-platform OauthLogoutSuccessHandler.java onLogoutSuccess redirect
A vulnerability, which was classified as problematic, was found in zlt2000 microservices-platform up to 6.0.0. This affects the function onLogoutSuccess of the file src/main/java/com/central/oauth/handler/OauthLogoutSuccessHandler.java. The manipulation of the argument redirecturl leads to open...
CVE-2025-8737
The CVE-2025-8737 entry concerns zlt2000 microservices-platform (up to 6.0.0). A vulnerability exists in the onLogoutSuccess function (OauthLogoutSuccessHandler.java) where manipulating the redirect_url argument causes an open redirect. Exploitation can be performed remotely, and public disclosur...
CVE-2025-51306
In Gatling Enterprise versions below 1.25.0, a user logging out can still use his session token to continue using the application without expiration, due to incorrect session management...
PT-2025-32408 · Unknown · Zlt2000 Microservices-Platform
Name of the Vulnerable Software and Affected Versions: zlt2000 microservices-platform versions through 6.0.0 Description: A problematic issue exists in zlt2000 microservices-platform. The issue is related to an open redirect vulnerability within the onLogoutSuccess function located in the file...
SUSE CVE-2025-53826
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.39.0, File Browser's authentication system issues long-lived JWT tokens that remain valid even after the user logs out. As of time of...
PT-2025-32180 · Gatling · Gatling Enterprise
Name of the Vulnerable Software and Affected Versions: Gatling Enterprise versions prior to 1.25.0 Description: A user logging out of Gatling Enterprise may still be able to use their session token to continue accessing the application without session expiration. This is due to incorrect session...
Gatling Enterprise Security Vulnerability
Gatling Enterprise is a load testing and performance testing management platform from Gatling France. A security vulnerability exists in Gatling Enterprise versions prior to 1.25.0 that stems from improper session management and could result in session tokens remaining available after logout...
GO-2025-3812 File Browser’s insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser
File Browser’s insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser...
Insufficient Session Expiration
Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Insufficient Session Expiration due to improper handling of JWT tokens in the session process. An attacker can maintain unauthorized access to a user session by reusing a...
File Browser’s insecure JWT handling can lead to session replay attacks after logout
Summary File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. Please refer to the CWE's listed in this report for further reference and system standards. In summary, the main issue is: - Tokens remain valid after logout session replay...
GHSA-7XWP-2CPP-P8R7 File Browser’s insecure JWT handling can lead to session replay attacks after logout
Summary File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. Please refer to the CWE's listed in this report for further reference and system standards. In summary, the main issue is: - Tokens remain valid after logout session replay...
CVE-2025-53642
haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6...