Lucene search
K

13 matches found

Vulnrichment
Vulnrichment
added 2026/05/07 1:41 p.m.7 views

CVE-2026-41519 Weblate's API Token Not Invalidated on Password Change

Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via "cyclesessionkeys", but DRF API tokens "wlu" prefix stored in "authtokentoken" are not revoked. This issue has been patched in version 5.17.1...

4.2CVSS5.7AI score0.00228EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/08 1:44 a.m.5 views

CVE-2026-30224

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...

5.4CVSS5.8AI score0.00302EPSS
Exploits1References1
CVE
CVE
added 2025/10/13 8:54 p.m.18 views

CVE-2025-62174

Summary: Mastodon prior to versions 4.4.6, 4.3.14, and 4.2.27 fails to revoke active sessions and access tokens when an admin resets a user password via the CLI command bin/tootctl accounts modify --reset-password, allowing continued use of the account by an attacker with a compromised session/to...

3.5CVSS6.6AI score0.00197EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-24832

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00174EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-13307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication...

6CVSS5.2AI score0.01009EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/14 12:0 a.m.8 views

CVE-2025-27847

In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout...

0.00174EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/14 12:0 a.m.3 views

CVE-2025-27847

In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout...

7AI score0.00174EPSS
Exploits0References2
CVE
CVE
added 2025/08/14 12:0 a.m.20 views

CVE-2025-27847

CVE-2025-27847 affects ESPEC North America Web Controller 3 (prior to 3.3.8). The issue is that user session privileges are not revoked on logout via the /api/v4/auth/ endpoint, which can allow continued access after logout. CVSS v3.1 metrics indicate a Medium impact with Privileges Required: Non...

4.3CVSS7.2AI score0.00174EPSS
Exploits0References2
OSV
OSV
added 2024/12/20 3:15 p.m.5 views

CVE-2024-56351

In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles...

8.8CVSS5.8AI score0.00293EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.4 views

SUSE CVE-2020-13230

In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account e.g., permission to view logs...

4.3CVSS7AI score0.00991EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/03/23 4:57 p.m.5 views

pki-core: Unprivileged users can renew any certificate

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity...

8.1CVSS6AI score0.01187EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/11/05 2:35 p.m.21 views

CVE-2020-15950

Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout...

8.8AI score0.01298EPSS
Exploits1References3
OSV
OSV
added 2020/01/07 5:15 p.m.3 views

UBUNTU-CVE-2019-14879

A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked where applicable...

5.4CVSS5.8AI score0.00709EPSS
Exploits1References3
Rows per page
Query Builder