GHSA-66HX-CHF7-3332 pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass)

Summary pyLoad caches role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database. As a result, an already logged-in user can keep old revoked privileges until logout/session...

PT-2025-46769

Name of the Vulnerable Software and Affected Versions Frappe Learning versions 2.0.0 through 2.40.9 Description Frappe Learning is a learning system used to structure content. A flaw exists where changes to user roles made by administrators were not immediately reflected due to caching mechanisms...