16 matches found
CVE-2026-33782
CVE-2026-33782 affects Junos OS on MX Series running DHCP daemon (jdhcpd). In specific DHCPv6 scenarios (DHCPv6 over PPPoE or VLAN with Active lease query or Bulk lease query), every subscriber logout leaks memory, leading to memory exhaustion, jdhcpd crash, and a full service impact until recove...
CVE-2025-31482 FreshRSS vulnerable to DoS by malicious feed entry loading logout URL
FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue...
CVE-2023-22732
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week; when an attacker has stolen the session cookie, they could use it for a long period of time. In version 6.4.18.1 an automatic logout into the Administratio...
Checkmk security vulnerability
Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk versions prior to 2.3.0p30, prior to 2.2.0p41, and 2.1.0p49, which stems from the possibility that session logouts may be overwritten...
Graylog session fixation vulnerability through cookie injection
Impact: Reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject...
CVE-2023-29463
The CVE-2023-29463 issue affects Rockwell Automation Pavilion8: the JMX Console is publicly accessible and requires no authentication, enabling a malicious user to retrieve other users’ session data or log them out. Affected product: Pavilion8 (model predictive control software); affected version...
CVE-2023-2187
On Triangle MicroWorks' SCADA Data Gateway version = v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor. An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event"...
WordPress Plugin Online Booking & Scheduling Calendar cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2023-3042 · Triangle Microworks · Scada Data Gateway
Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks' SCADA Data Gateway version = v5.01.03. Description: The issue is related to the lack of authentication for a critical function in the WebMonitor component of the SCADA Data Gateway. An unauthenticated attacker can send...
gnome-session bug fix and enhancement update
An update is available for gnome-session. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gnome-session package manages the GNOME desktop session. It starts ...
gnome-session bug fix and enhancement update
The gnome-session package manages the GNOME desktop session. It starts up other core components of GNOME and handles logouts and saving of the sessions. Bug Fixes and Enhancements: gnome-session kiosk-session support still isn't up to muster BZ1959505...
CVE-2021-32541
CVE-2021-32541: A vulnerability in the CTS Web transaction system’s authentication and session management allows remote unauthenticated actors to flood with valid usernames and force logged-in users to log out, potentially denying access to services. The issue is tied to an incorrect implementati...
嘉实资讯 CTS Web transaction system authorization issue vulnerability
CTS Web transaction system is a CTS Web transaction system from Cascade Information Technology, Taiwan. The CTS Web transaction system suffers from an authorization issue vulnerability that stems from an incorrect implementation of the CTS Web transaction system related to authentication and...
CVE-2019-7215
Progress Sitefinity 10.1.6536 does not invalidate session cookies on logout; the browser cookie is overwritten but remains valid on the server, allowing reuse of an active session to access the account even after credentials/permissions change. This is confirmed across multiple sources (NVD, Red ...
April 25, 2017—KB4016240 (OS Build 15063.250)
April 25, 2017—KB4016240 (OS Build 15063.250). Improvements and fixes: This non-security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where VMs might experience loss in network connectivity while...
Insecure Logout
intercom-rails is vulnerable to insecure logouts. The library does not delete cookies on a user logging out, meaning that users aren't properly signed out, allowing a malicious user to access the system as a different user...