37 matches found
parisneo/lollms has an insufficient session expiration vulnerability
An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...
CVE-2026-1163
An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...
EUVD-2026-20030
An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...
CVE-2026-1163
CVE-2026-1163 describes an insufficient session expiration in the latest version of parisneo/lollms, where active sessions are not invalidated after a password reset due to missing logic to reject idle requests and a default 31-day session duration. This enables a compromised account to retain ac...
Insufficient Session Expiration
Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to revoke existing authenticated sessions after a password reset or password change process. An attacker can maintain unauthorized access to an account by reusing a previously obtained...
CVE-2026-1435
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...
CVE-2026-1435
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...
CVE-2026-1435 Incorrect management of session invalidation vulnerability in Graylog Web Interface
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...
EUVD-2024-21081
Malicious code in bioql PyPI...
CVE-2025-43819
CVE-2025-43819 affects Liferay Portal (7.3.3.131–7.4.3.121) and Liferay DXP (2024.Q1.1–Q4.3 across 2024.Q1–Q4). Root cause is Insufficient Session Expiration via the SLO API, allowing remote, unauthenticated attackers to reuse a stale session and gain an authenticated context. Impact is potential...
CVE-2021-3311
An issue was discovered in October through build 471. It reactivates an old session ID which had been invalid after a logout once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an...
CVE-2021-37866
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Boards, which allows an attacker to reuse old session token for authorization...
CVE-2024-23586
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information...
CVE-2024-23586 An insufficient session timeout vulnerability affects HCL Nomad server on Domino
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information...
HCL Nomad security vulnerability
HCL Nomad is an application for using and managing the Domino application development platform in mobile devices from HCL USA. A security vulnerability exists in HCL Nomad that stems from vulnerability to insufficient session expiration, where an unauthenticated attacker can obtain old session...
PT-2024-19949 · Hcl · Hcl Nomad
Name of the Vulnerable Software and Affected Versions: HCL Nomad (affected versions not specified). Description: The issue is related to insufficient session expiration, which under certain circumstances could allow an unauthenticated attacker to obtain old session information. Recommendations: At t...
CVE-2024-29402
cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old session for malicious activity...
CVE-2024-29402
cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old session for malicious activity...
CVE-2024-29402
cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old session for malicious activity...
CVE-2024-29402
cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old session for malicious activity...