2409 matches found
CVE-2026-44511 Katalyst Koi: Session cookies can be replayed after user logout
Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...
CVE-2026-44511
Katalyst Koi (Rails admin framework) had a session-cookie handling flaw: before versions 4.20.0 and 5.6.0, admin session cookies were not invalidated at logout, allowing an attacker with a valid cookie to access admin functionality after logout until expiration or rotation. Affected versions incl...
Katalyst Koi 代码问题漏洞
Katalyst Koi is an open-source framework developed by Katalyst Interactive for building and managing backend features. Versions of Katalyst Koi prior to 4.20.0 and 5.6.0 contained code vulnerabilities. These vulnerabilities stemmed from the fact that the administrator session cookie did not expir...
Insufficient Session Expiration
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Insufficient Session Expiration via misconfiguration of the CORSMiddleware module and improper session management. An attacker can gain unauthorized access and execute arbitrary code by enticing an...
GHSA-FPW6-HRG5-Q5X5 ech0's acess tokens with expiry=never cannot be revoked: logout panics, delete does not blacklist JTI
Summary Access tokens created with the "never expire" option have no exp JWT claim. Three independent revocation mechanisms fail for this token type. Logout at internal/handler/auth/auth.go:154 and :163 dereferences claims.ExpiresAt.Time, panicking on the nil field so the token never hits the...
CVE-2026-41669
Admidio prior to version 5.0.9 suffers a SAML signature validation bypass: validateSignature() can return an error message or false, but its return value is discarded by both handleSSORequest() and handleSLORequest(), so unsigned or invalidly signed AuthnRequests/LogoutRequests are processed like...
CVE-2026-41669 Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed
Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on...
CVE-2026-41669 Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed
Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on...
CVE-2026-41669 Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed
Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on...
GHSA-4CX3-3C38-J9VV katalyst-koi: Session cookies can be replayed after user logout
Impact Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This affects applications using Koi admin...
katalyst-koi: Session cookies can be replayed after user logout
Impact Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This affects applications using Koi admin...
PT-2026-38363
Name of the Vulnerable Software and Affected Versions Katalyst Koi versions prior to 5.6.0 Katalyst Koi versions prior to 4.20.0 Description Admin session cookies are not invalidated upon logout. This allows an attacker who has obtained a valid admin session cookie—through exposure, caching, or...
Session cookies can be replayed after user logout
Impact Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This affects applications using Koi admin...
GHSA-25CW-98HG-G3CG Admidio Ignores SAML Signature Validation Result, Processes Forged AuthnRequests and LogoutRequests
Summary The Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on failure rather than throwing exceptions, but the developer believed i...
Admidio Ignores SAML Signature Validation Result, Processes Forged AuthnRequests and LogoutRequests
Summary The Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on failure rather than throwing exceptions, but the developer believed i...
CVE-2026-6203
The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirecttoonlogout' GET parameter before redirecting users. The redirecttoonlogout GET paramet...
CVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfcdiscovertargetsdone A malicious or compromised VIO server can return a numwritten value in the discover targets MAD response that exceeds maxtargets. This value is stored directly in...
CVE-2026-41133
pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database...
CVE-2026-41126
BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds...
BigBlueButton 输入验证错误漏洞
BigBlueButton is an open-source web conferencing system developed by the BigBlueButton community. Versions of BigBlueButton prior to 3.0.24 contained a vulnerability related to input validation errors. This vulnerability stemmed from an open redirection issue in the get-parameter and logoutURL...