2352 matches found
CVE-2025-25019
CVE-2025-25019 affects IBM QRadar Suite Software versions 1.10.12.0–1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0–1.10.11.0. The issue stems from a failure to invalidate sessions after logout, enabling an attacker to impersonate another user. IBM’s advisories indicate a remediation path: upgra...
IBM Cloud Pak for Security and IBM QRadar Suite code issue vulnerability
IBM Cloud Pak for Security is a software application. An open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster. IBM QRadar Suite is an integrated security information and event management (SIEM) solution for...
CVE-2025-27955
Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code...
CVE-2025-27955
The CVE-2025-27955 entry concerns Carestream Health’s Clinical Collaboration Platform v12.2.1.5. A weak logout system leaves the session token valid after logout, enabling a remote attacker to access sensitive information and potentially execute arbitrary code. Affected software: Clinical Collabo...
PT-2025-23549 · Unknown · Clinical Collaboration Platform
Name of the Vulnerable Software and Affected Versions: Clinical Collaboration Platform version 12.2.1.5
Description: The issue is related to a weak logout system in the Clinical Collaboration Platform, where the session token remains valid after a user logs out. This allows a remote attacker to...
Carestream Health Clinical Collaboration Platform security vulnerability
Carestream Health Clinical Collaboration Platform is a clinical assistance platform from Carestream Health, USA. A security vulnerability exists in Carestream Health Clinical Collaboration Platform version 12.2.1.5, which stems from a weak logout system and could lead to accessing sensitive...
CVE-2025-33005
IBM Planning Analytics Local 2.0 and 2.1 do not invalidate the session after a logout, which could allow an authenticated user to impersonate another user on the system...
IBM Planning Analytics Local code issue vulnerability
IBM Planning Analytics Local is a web-based local architecture from International Business Machines (IBM). A code issue vulnerability exists in IBM Planning Analytics Local versions 2.0 and 2.1, which stems from a failure to disable a session after logging out, and can be exploited by an attacker t...
BIT-MOODLE-2024-34007 moodle: logout CSRF in admin/tool/mfa/auth.php
The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF...
CVE-2025-5132
A vulnerability was found in Tmall Demo up to 20250505. It has been rated as problematic. This issue affects some unknown processing of the file tmall/admin/account/logout. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed t...
CVE-2025-48061
wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user who logged out of the Wire webapp could have been automatically logged in again after re-opening the application. This does no...
Tmall_demo security vulnerability
Tmalldemo is a Spring Boot-based mini Tmall by the Xianqi Mall project team. A security vulnerability exists in Tmalldemo 20250505 and earlier versions, which stems from a cross-site request forgery due to misuse of the file tmall/admin/account/logout...
PT-2025-22847 · Unknown · Tmall Demo
Name of the Vulnerable Software and Affected Versions: Tmall Demo up to 20250505
Description: A vulnerability was found in the processing of the file tmall/admin/account/logout, which leads to cross-site request forgery. The attack may be initiated remotely. The issue affects some unknown...
CVE-2024-52311
Authentication tokens issued via Cognito in data.all are not invalidated on logout, allowing a previously authenticated user to continue executing authorized API requests until the token expires...
CVE-2024-45527
REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logout=1, and can also be used to insert a link to an external phishing website...
CVE-2024-31447
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when an authenticated request is made to POST /store-api/account/logout, the cart will be cleared, but the user won't be logged out. This affects only...
CVE-2024-23319
Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message...
CVE-2024-56310
REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and...
CVE-2024-21641
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to any link. For logged-in users, the logout must be...