2352 matches found
CVE-2025-4819 y_project RuoYi Offline Logout batchForceLogout improper authorization
A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack...
CVE-2025-46743
An authenticated user's token could be used by another source after the user had logged out prior to the token expiring...
CVE-2025-40566
A vulnerability has been identified in SIMATIC PCS neo V4.1 All versions V4.1 Update 3, SIMATIC PCS neo V5.0 All versions V5.0 Update 1. Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session...
CVE-2025-46743
CVE-2025-46743 describes an issue where an authenticated user’s token could be reused by another source after logout but before the token expired. Connected sources reference Schweitzer Engineering Laboratories (SEL) products (e.g., SEL-5033 RTAC Software, SEL-5702 PMU, SEL-5035 Diagram Builder) ...
CVE-2025-46743 Cross-Site Request Forgery
An authenticated user's token could be used by another source after the user had logged out prior to the token expiring...
SCHWEITZER ENGINEERING LABORATORIES multiple products security vulnerability
Schweitzer Engineering Laboratories SEL-5033 acSELerator RTAC Software and more are products of Schweitzer Engineering Laboratories, Inc. of the U.S.A. Schweitzer Engineering Laboratories SEL-5033 acSELerator RTAC Software is a graphical, easy-to-use tool that helps users quickly and easily...
PT-2025-20715 · Schweitzer Engineering Laboratories · Sel Blueframe Os
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An issue allows an authenticated user's token to be used by another source after the user has logged out, prior to the token expiring. Recommendations: At the moment, there is no information...
CVE-2025-4513 Catalyst User Key Authentication Plugin Logout logout.php redirect
A vulnerability classified as problematic was found in Catalyst User Key Authentication Plugin 20220819 on Moodle. Affected by this vulnerability is an unknown functionality of the file /auth/userkey/logout.php of the component Logout. The manipulation of the argument return leads to open redirec...
SUSE CVE-2025-46336
Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a lo...
moodle-auth_userkey input validation error vulnerability
moodle-auth_userkey is a Catalyst IT open source Auth plugin for organizing simple SSO Single Sign-On between Moodle and external web applications. An input validation error vulnerability exists in moodle-auth_userkey version 20220819, which stems from an open redirect due to incorrect manipulation...
SUSE CVE-2025-32441
Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the...
DEBIAN-CVE-2025-46336
Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a lo...
UBUNTU-CVE-2025-46336
Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a lo...
CVE-2025-46336
CVE-2025-46336 affects Rack::Session within the Rack::Session::Pool middleware. In versions 2.0.0 up to but not including 2.1.1, if an attacker has a valid session cookie and can trigger a long-running request adjacent to a user logout, the session may be restored, allowing illicit access after l...
CVE-2025-46336 Rack session gets restored after deletion
Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a lo...
DEBIAN-CVE-2025-32441
Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the...