
2352 matches found

Cvelist
added 2025/07/11 5:33 p.m., 7 views

CVE-2025-53642 haxcms-nodejs and haxcms-php Improperly Terminate Sessions

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6...

CVSS 4.8, EPSS 0.00164
Exploits 0, References 1

CVE
added 2025/07/11 5:33 p.m., 21 views

CVE-2025-53642

The CVE concerns haxcms-nodejs and haxcms-php backends for HAXcms. The logout flow does not terminate the user session or clear cookies, and a refresh token is issued on logout, enabling potential continued access. Affected versions are haxcms-nodejs and haxcms-php prior to 11.0.6. The issue is m...

CVSS 6.5, AI score 6.5, EPSS 0.00164
Exploits 0, References 1, Affected Software 2

Vulnrichment
added 2025/07/11 5:33 p.m., 3 views

CVE-2025-53642 haxcms-nodejs and haxcms-php Improperly Terminate Sessions

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6...

CVSS 4.8, AI score 7.1, EPSS 0.00164
Exploits 0, References 1

OSV
added 2025/07/11 5:33 p.m., 3 views

CVE-2025-53642 haxcms-nodejs and haxcms-php Improperly Terminate Sessions

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6...

CVSS 4.8, AI score 7, EPSS 0.00164
Exploits 0, References 3

OSV
added 2025/07/11 4:15 p.m., 1 view

CVE-2025-52988

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalate their privileges to root. When a user provides specifically crafted argument...

CVSS 8.4, AI score 5.8
Exploits 0, References 1

ATTACKERKB
added 2025/07/11 3:11 p.m., 3 views

CVE-2025-52988

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalate their privileges to root. When a user provides specifically crafted argument...

CVSS 8.4, AI score 5.8, EPSS 0.00135
Exploits 0, References 2, Affected Software 1

CNNVD
added 2025/07/07 12:0 a.m., 1 view

gnuboard5 security vulnerability

gnuboard5 is an application by kagla personal developer. A security vulnerability exists in gnuboard5 version 5.5.16, which stems from insufficient validation of URL parameters in bbs/logout.php and could lead to an open redirection attack...

CVSS 6.1, AI score 6.5, EPSS 0.00146
Exploits 1, References 2

Packet Storm
added 2025/06/27 12:0 a.m., 88 views

Mouselink 5.0.1 Unauthenticated Remote System Control

Mouselink version 5.0.1 is vulnerable to JWT authentication bypass, allowing remote attackers to perform system-level actions such as shutdown, restart, sleep, and logout without valid credentials. Exploit Title: Mouselink 5.0.1 - Unauthenticated Remote System Control Date: 26/06/25 Exploit Autho...

AI score 7.7
Exploits 0

CNNVD
added 2025/06/18 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a post-release reuse issue with firmwareloader on logout...

CVSS 7.8, AI score 6.1, EPSS 0.00078
Exploits 0, References 3

OSV
added 2025/06/17 2:31 p.m., 2 views

EEF-CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix

Summary: Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix until 2.10.0...

CVSS 2.3, AI score 5.8, EPSS 0.00453
Exploits 0, References 5

OSV
added 2025/06/17 2:20 p.m., 2 views

GHSA-F7GQ-H8JV-H3CQ ash_authentication_phoenix has Insufficient Session Expiration

Impact Session tokens remain valid on the server after user logout, creating a security gap where: - Compromised tokens via XSS, network interception, or device theft continue to work even after the user logs out - The sessions stored in the database still expire, limiting the duration during whi...

CVSS 2.3, AI score 7.2, EPSS 0.00453
Exploits 0, References 7

Github Security Blog
added 2025/06/17 2:20 p.m., 4 views

ash_authentication_phoenix has Insufficient Session Expiration

Impact Session tokens remain valid on the server after user logout, creating a security gap where: - Compromised tokens via XSS, network interception, or device theft continue to work even after the user logs out - The sessions stored in the database still expire, limiting the duration during whi...

CVSS 2.3, AI score 6.6, EPSS 0.00453
Exploits 0, References 7, Affected Software 1

Positive Technologies
added 2025/06/17 12:0 a.m., 2 views

PT-2025-25659 · Ash · Ash Authentication Phoenix

Name of the Vulnerable Software and Affected Versions: ash-project ash authentication phoenix versions prior to 2.10.0 Description: The issue affects the ash authentication phoenix library, where session tokens remain valid on the server after a user logs out. This creates a security gap where...

CVSS 2.3, AI score 6.3, EPSS 0.00453
Exploits 0, References 11

Positive Technologies
added 2025/06/16 12:0 a.m., 3 views

PT-2025-25516 · Jflyfox · Jfinalcms

Name of the Vulnerable Software and Affected Versions: jflyfox jfinal cms version 5.0.1 Description: A cross-site request forgery issue has been identified, affecting the HOME.java file. The manipulation of the Logout argument can lead to this issue. The attack can be initiated remotely...

CVSS 5.3, AI score 4.4, EPSS 0.00154
Exploits 1, References 8

RedhatCVE
added 2025/06/06 8:12 p.m., 11 views

CVE-2025-31482

FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue...

CVSS 4.3, AI score 7, EPSS 0.00108
Exploits 1, References 1

NVD
added 2025/06/04 8:15 p.m., 10 views

CVE-2025-31482

FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue...

CVSS 4.3, EPSS 0.00108
Exploits 1, References 1

CVE
added 2025/06/04 7:50 p.m., 48 views

CVE-2025-31482

CVE-2025-31482 – FreshRSS denial of service via logout. Affected: FreshRSS versions prior to 1.26.2. Vulnerability causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively resulting in denial of service. Root cause details are not elaborated beyond the observe...

CVSS 4.3, AI score 6.8, EPSS 0.00108
Exploits 1, References 1, Affected Software 1

Vulnrichment
added 2025/06/04 7:50 p.m., 11 views

CVE-2025-31482 FreshRSS vulnerable to DoS by malicious feed entry loading logout URL

FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue...

CVSS 4.3, AI score 7, EPSS 0.00108
Exploits 1, References 1

RedhatCVE
added 2025/06/04 12:14 a.m., 6 views

CVE-2025-27955

Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code...

CVSS 6.5, AI score 7.2, EPSS 0.00634
Exploits 0, References 1

OSV
added 2025/06/03 4:15 p.m., 3 views

CVE-2025-25019

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate session after a logout which could allow a user to impersonate another user on the system...

CVSS 6.5, AI score 5.8
Exploits 0, References 1