Lucene search
K

13 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52095

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.0 Rocket.Chat versions prior to 8.4.2 Rocket.Chat versions prior to 8.3.4 Rocket.Chat versions prior to 8.2.4 Rocket.Chat versions prior to 8.1.5 Rocket.Chat versions prior to 8.0.6 Rocket.Chat versions prior ...

2.3CVSS5.8AI score0.00215EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-1163

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

4.1CVSS5.4AI score0.0021EPSS
Exploits0References1
Veracode
Veracode
added 2026/04/15 6:46 a.m.5 views

Improper Session Invalidation

github.com/usememos/memos is vulnerable to improper session invalidation. The vulnerability is due to access tokens not being revoked after a password change, which allows an attacker to retain unauthorized access using previously issued valid tokens...

7.5CVSS5.8AI score0.00254EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/04/08 3:32 a.m.7 views

GHSA-8JG2-726G-XH43 parisneo/lollms has an insufficient session expiration vulnerability

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

4.1CVSS5.8AI score0.0021EPSS
Exploits0References3
NVD
NVD
added 2026/02/26 11:16 p.m.10 views

CVE-2026-28275

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 do not invalidate previously issued JWT access tokens after a user changes their password. As a result, older tokens remain valid until expiration and can still be used to access protected API...

8.1CVSS0.00369EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.8 views

PT-2026-20391

Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...

9.3CVSS5.5AI score0.00367EPSS
Exploits0References2
Veracode
Veracode
added 2025/10/14 7:19 a.m.6 views

Improper Session Invalidation

ethycafides is vulnerable to improper session invalidation. The vulnerability is due to active user sessions not being invalidated after an admin UI password change, which allows an attacker with previously obtained session tokens to maintain unauthorized access even after a password reset...

6.3CVSS7AI score0.00275EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29735

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.0026EPSS
Exploits0References5
OSV
OSV
added 2025/09/17 4:52 p.m.4 views

CVE-2025-35433 CISA Thorium does not properly invalidate previously used tokens

CISA Thorium does not properly invalidate previously used tokens when resetting passwords. An attacker that possesses a previously used token could still log in after a password reset. Fixed in 1.1.1...

2.3CVSS6.3AI score0.0026EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/07/17 12:0 a.m.5 views

PT-2023-25374 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue is related to Mattermost failing to invalidate previously generated password reset tokens when a new reset token is created. This allows potentially unauthorized access through...

8.2CVSS7.9AI score0.00287EPSS
Exploits0References8
OSV
OSV
added 2022/07/06 12:0 a.m.46 views

GHSA-XV59-GC3R-RF92 Insufficient Session Expiration in Nakama

Old session tokens can be used to authenticate to the application and send authenticated requests...

7.5CVSS7.3AI score0.00818EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2018/02/13 3:48 p.m.8 views

Dashbuilder: insecure handling of CSRF token

It has been reported that CSRF tokens are not properly handled in JBoss BPM suite dashbuilder. Old tokens generated during an active session can be used to bypass CSRF protection. In addition, the tokens are sent in query string so they can be exposed through the browser's history, referrers, web...

8.8CVSS5.7AI score0.01126EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/03/16 9:9 p.m.9 views

Dashbuilder: insecure handling of CSRF token

It has been reported that CSRF tokens are not properly handled in JBoss BPM suite dashbuilder. Old tokens generated during an active session can be used to bypass CSRF protection. In addition, the tokens are sent in query string so they can be exposed through the browser's history, referrers, web...

8.8CVSS5.7AI score0.01126EPSS
Exploits0References4
Rows per page
Query Builder