5 matches found
parisneo/lollms has an insufficient session expiration vulnerability
An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...
CVE-2026-1435 Incorrect management of session invalidation vulnerability in Graylog Web Interface
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...
CVE-2022-2306
Old session tokens can be used to authenticate to the application and send authenticated requests...
CVE-2022-2306 Insufficient Session Expiration in heroiclabs/nakama
Old session tokens can be used to authenticate to the application and send authenticated requests...
Mattermost 代码问题漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. The Mattermost Boards plugin in v0.10.0 and prior versions is vulnerable to a trust management issue that stems from the lack of an effective trust management mechanism in the network system or product. An attacker could...