2 matches found
CVE-2025-29928
CVE-2025-29928 concerns authentik, an open-source identity provider. When configured to use database-based session storage (not default), deleting sessions via the Web Interface or API would not revoke those sessions, allowing session holders continued access. This affects authentik versions prio...
PT-2024-24349 · Npm · @Festify/Secure-Session
Name of the Vulnerable Software and Affected Versions: @festify/secure-session versions prior to 7.3.0 Description: The issue exists in the session removal process of @festify/secure-session. When a session is deleted, it is marked for deletion, but if an attacker gains access to the cookie, they...