Lucene search

2352 matches found

CVE
added 2025/05/22 5:4 p.m. · 46 views

CVE-2025-48061

CVE-2025-48061 affects the wire-webapp (Wire) web client. A regression in the session invalidation process allowed a user who logged out to be automatically re-authenticated when re-opening the app. This issue is present in versions up to but not including 2025-05-20-production.0; the underlying ...

CVSS 5.6 · AI score 5.6 · EPSS 0.00062
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 4:44 p.m. · 4 views

CVE-2020-5934

On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted...

CVSS 6.5 · AI score 6.8 · EPSS 0.00178
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 4:44 p.m. · 3 views

CVE-2020-5894

On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...

CVSS 8.1 · AI score 7 · EPSS 0.00419
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 4:1 p.m. · 4 views

CVE-2020-15950

Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout...

CVSS 8.8 · AI score 7 · EPSS 0.00413
Exploits 1
RedhatCVE
added 2025/05/22 3:50 p.m. · 3 views

CVE-2020-23178

An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user...

CVSS 5.5 · AI score 6.8 · EPSS 0.00127
Exploits 1
RedhatCVE
added 2025/05/22 9:24 a.m. · 6 views

CVE-2015-8082

The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...

CVSS 7.5 · AI score 7.4 · EPSS 0.00499
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 8:46 a.m. · 17 views

CVE-2019-6584

A vulnerability has been identified in SIEMENS LOGO!8 6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx, SIEMENS LOGO!8 6ED1052-xyy08-0BA0 FS:01 / Firmware version V1.82.02. The integrated webserver does not invalidate the Session ID upon user logout. An attacker that...

CVSS 8.8 · AI score 6.6 · EPSS 0.0042
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 7:26 a.m. · 8 views

CVE-2017-15084

The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...

CVSS 6.5 · AI score 6.8 · EPSS 0.00126
Exploits 4 · References 1
RedhatCVE
added 2025/05/22 4:11 a.m. · 4 views

CVE-2012-1897

Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via the user id number to admin/user/delete; (2) delete pages via the page id number to admin/page/delete;...

CVSS 6.8 · AI score 7.7 · EPSS 0.00288
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 2:39 a.m. · 5 views

CVE-2012-4581

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by...

CVSS 6.8 · AI score 7.1 · EPSS 0.00494
Exploits 0 · References 1
Positive Technologies
added 2025/05/22 12:0 a.m. · 3 views

PT-2025-22525 · Unknown · Wire-Webapp

Name of the Vulnerable Software and Affected Versions: wire-webapp versions prior to 2025-05-14-production.0 Description: A regression issue in the function to delete local data causes the client's local database not to be deleted upon user logout, even when instructed to do so. This affects both...

CVSS 6 · AI score 6 · EPSS 0.00036
Exploits 0 · References 6
RedhatCVE
added 2025/05/21 11:31 p.m. · 8 views

CVE-2007-6763

SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user who was previously logged in to access resources by pressing a back or forward button in a web browser...

CVSS 8.8 · AI score 6.9 · EPSS 0.00485
Exploits 0 · References 1
RedhatCVE
added 2025/05/21 7:54 p.m. · 5 views

CVE-2008-7241

Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout...

CVSS 6.8 · AI score 7.5 · EPSS 0.00116
Exploits 0 · References 1
OSV
added 2025/05/21 5:29 p.m. · 2 views

DRUPAL-CONTRIB-2025-068

The Admin Audit Trail module tracks logs of specific events that you'd like to review. When the submodule Admin Audit Trail: User Authentication is enabled, it logs user authentication events (login, logout, and password reset requests). The module does not sufficiently limit some large values befo...

CVSS 6.5 · AI score 7 · EPSS 0.00273
Exploits 0 · References 1
CNNVD
added 2025/05/20 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from ksmbd not properly handling sess-user references during session logout, which could lead to reuse after release...

CVSS 7.8 · AI score 6.5 · EPSS 0.00058
Exploits 2 · References 4
RedhatCVE
added 2025/05/19 6:9 a.m. · 10 views

CVE-2025-4819

A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack...

CVSS 3.1 · AI score 7 · EPSS 0.00256
Exploits 1 · References 1
Packet Storm
added 2025/05/19 12:0 a.m. · 71 views

Economizzer 0.9-beta1 Session Invalidation

Economizzer version 0.9-beta1 fails to properly invalidate user sessions. A session management vulnerability exists in gugoan's Economizzer v.0.9-beta1. The application fails to properly invalidate user sessions upon logout or other session termination events. As a result, a valid session remains...

AI score 7.3
Exploits 0
Snyk
added 2025/05/17 6:43 a.m. · 3 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the batchForceLogout operation, accessible via the /monitor/online/batchForceLogout endpoint. A user can bypass authorization controls to force another user offline by supplying a different user's ID in the ids...

CVSS 6 · AI score 6.9 · EPSS 0.00256
Exploits 1 · References 2
OSV
added 2025/05/17 6:15 a.m. · 1 views

CVE-2025-4819

A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack...

CVSS 2.3 · AI score 6.2
Exploits 0 · References 4
Vulnrichment
added 2025/05/17 6:0 a.m. · 7 views

CVE-2025-4819 y_project RuoYi Offline Logout batchForceLogout improper authorization

A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack...

CVSS 3.1 · AI score 4 · EPSS 0.00256
Exploits 1 · References 4