Lucene search
+L

5 matches found

Github Security Blog
Github Security Blog
added 2026/04/08 3:32 a.m.9 views

parisneo/lollms has an insufficient session expiration vulnerability

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

4.1CVSS5.9AI score0.0021EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/18 1:8 p.m.5 views

CVE-2026-1435 Incorrect management of session invalidation vulnerability in Graylog Web Interface

Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...

9.3CVSS5.5AI score0.00367EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/07/05 9:15 a.m.1 views

CVE-2022-2306

Old session tokens can be used to authenticate to the application and send authenticated requests...

8.2CVSS5.9AI score0.00818EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/07/05 8:30 a.m.27 views

CVE-2022-2306 Insufficient Session Expiration in heroiclabs/nakama

Old session tokens can be used to authenticate to the application and send authenticated requests...

8.2CVSS7.6AI score0.00818EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/01/18 12:0 a.m.6 views

Mattermost 代码问题漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. The Mattermost Boards plugin in v0.10.0 and prior versions is vulnerable to a trust management issue that stems from the lack of an effective trust management mechanism in the network system or product. An attacker could...

7.5CVSS5.7AI score0.00723EPSS
Exploits1References3
Rows per page
Query Builder