5 matches found
PT-2026-38314
Name of the Vulnerable Software and Affected Versions ShellHub versions prior to 0.24.2 Description An issue exists where the endpoint "/api/devices/:uid" returns the full device object to any authenticated user without verifying if the device belongs to the caller's namespace tenant. An...
CVE-2025-24896
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named token is stored in a cookie for authentication purposes in Bull Dashboard, but this remains undeleted even after logout is performed. The primary...
CVE-2025-24896 Misskey allows token to remain valid in cookie after signing out
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named token is stored in a cookie for authentication purposes in Bull Dashboard, but this remains undeleted even after logout is performed. The primary...
CVE-2025-24896
CVE-2025-24896 concerns Misskey, an open-source federated social platform. A login token named token is stored in a cookie for Bull Dashboard authentication and is not deleted after logout in versions up to 12.109.0 and before 2025.2.0-alpha.0, potentially exposing the token to others on public o...
CVE-2025-24896 Misskey allows token to remain valid in cookie after signing out
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named token is stored in a cookie for authentication purposes in Bull Dashboard, but this remains undeleted even after logout is performed. The primary...