
60 matches found

RedhatCVE
added 2026/06/05 7:34 p.m. | 7 views

CVE-2026-1163

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

CVSS 4.1 | AI score 5.4 | EPSS 0.0021
Exploits 0 | References 1

OSV
added 2026/04/08 3:32 a.m. | 5 views

GHSA-8JG2-726G-XH43 parisneo/lollms has an insufficient session expiration vulnerability

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

CVSS 4.1 | AI score 5.8 | EPSS 0.0021
Exploits 0 | References 3

Github Security Blog
added 2026/04/08 3:32 a.m. | 5 views

parisneo/lollms has an insufficient session expiration vulnerability

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

CVSS 4.1 | AI score 5.9 | EPSS 0.0021
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2026/04/08 2:20 a.m. | 19 views

CVE-2026-1163 Insufficient Session Expiration in parisneo/lollms

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

CVSS 4.1 | EPSS 0.0021
Exploits 0 | References 1

EUVD
added 2026/04/08 2:20 a.m. | 6 views

EUVD-2026-20030

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

CVSS 4.1 | AI score 5.9 | EPSS 0.0021
Exploits 0 | References 1

Positive Technologies
added 2026/04/08 12:0 a.m. | 4 views

PT-2026-31070

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

CVSS 4.1 | AI score 5.9 | EPSS 0.0021
Exploits 0 | References 2

ATTACKERKB
added 2026/03/13 9:41 p.m. | 2 views

CVE-2026-32729

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, the Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

CVSS 8.1 | AI score 5.9 | EPSS 0.0034
Exploits 1 | References 2 | Affected Software 1

RedHat Linux
added 2026/03/05 7:7 p.m. | 3 views

org.keycloak/keycloak-services: Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...

CVSS 3.1 | AI score 5.7 | EPSS 0.00369
Exploits 0 | References 4

ATTACKERKB
added 2026/01/26 7:36 p.m. | 5 views

CVE-2026-1190

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...

CVSS 3.1 | AI score 5.8 | EPSS 0.00369
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2016-5033

Malware in sbrugna...

CVSS 3.5 | AI score 4.6 | EPSS 0.0107
Exploits 1 | References 5

BDU FSTEC
added 2025/08/08 12:0 a.m. | 6 views

The vulnerability of the FortiIsolator browser isolation platform and the FortiSandbox threat detection and mitigation system lies in the incorrect session duration, allowing attackers to compromise the confidentiality and integrity of protected information.

The vulnerability of the FortiIsolator browser isolation platform and the FortiSandbox threat detection and mitigation system is related to an incorrect session duration. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality and integrity of the protected...

CVSS 8.7 | AI score 5.5 | EPSS 0.00474
Exploits 0 | References 3 | Affected Software 2

BDU FSTEC
added 2025/07/30 12:0 a.m. | 3 views

The vulnerability of the AutoGRAPH Web monitoring software lies in the incorrect duration of a session, which allows an intruder to gain unauthorized access to protected information.

The vulnerability of the AutoGRAPH Web monitoring software platform lies in the incorrect duration of a session. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information by sending a specially crafted HTTP request...

CVSS 6.8 | AI score 5.5
Exploits 0 | Affected Software 1

BDU FSTEC
added 2025/06/18 12:0 a.m. | 3 views

The vulnerability of the IBM InfoSphere Information Server software platform, related to incorrect session duration, allows attackers to gain unauthorized access to protected information.

The vulnerability of the IBM InfoSphere Information Server software platform is related to incorrect session duration settings. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 6.5 | AI score 5.5 | EPSS 0.00204
Exploits 0 | References 2 | Affected Software 1

BDU FSTEC
added 2025/06/09 12:0 a.m. | 7 views

The vulnerability of the SIMATIC PCS neo technology process management web system, related to incorrect session duration, allows an intruder to intercept the user’s session.

The vulnerability of the SIMATIC PCS neo technology process management web system is related to incorrect session duration. Exploiting this vulnerability could allow an attacker to intercept the user’s session...

CVSS 10 | AI score 5.4 | EPSS 0.00374
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2025/06/09 12:0 a.m. | 4 views

The vulnerability of platform monitoring systems for events detection, threat detection, and security analytics in IBM QRadar Suite and IBM Cloud Pak for Security lies in incorrect session duration settings, which allows attackers to compromise the confidentiality and integrity of protected information.

The vulnerabilities of event monitoring platforms, threat detection systems, and security analytics tools from IBM QRadar Suite and IBM Cloud Pak for Security are related to incorrect session duration settings. Exploiting these vulnerabilities can allow attackers operating remotely to compromise...

CVSS 4.8 | AI score 5.5 | EPSS 0.00218
Exploits 0 | References 2 | Affected Software 2

BDU FSTEC
added 2025/05/19 12:0 a.m. | 5 views

The vulnerability in the web interface of the Prisma Cloud Compute security platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the web interface of the Prisma Cloud Compute security platform is related to an incorrect session duration. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVSS 4 | AI score 5.5 | EPSS 0.00299
Exploits 0 | References 2 | Affected Software 1

BDU FSTEC
added 2025/04/28 12:0 a.m. | 5 views

The vulnerability of the Apache Roller server for creating web blogs relates to incorrect session duration settings, which allows attackers to gain unauthorized access to the system.

The vulnerability of the Apache Roller server for creating web blogs is related to an incorrect session duration. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to the system remotely...

CVSS 10 | AI score 8.1 | EPSS 0.0106
Exploits 0 | References 7 | Affected Software 1

BDU FSTEC
added 2025/03/24 12:0 a.m. | 4 views

The vulnerability of the Apache Airflow Fab Provider software, which is used for creating, monitoring, and orchestrating data processing scenarios in Apache Airflow, stems from incorrect session duration settings. This allows attackers to maintain a session in the system.

The vulnerability of the Apache Airflow Fab Provider software, which is used for creating, monitoring, and orchestrating data processing scenarios, is related to incorrect session duration settings. Exploiting this vulnerability allows a malicious actor to maintain a session on the system...

CVSS 8.5 | AI score 5.5 | EPSS 0.0092
Exploits 0 | References 4 | Affected Software 1

BDU FSTEC
added 2025/03/03 12:0 a.m. | 4 views

The vulnerability of Acronis Cyber Protect 16’s data protection software lies in its incorrect session duration limits, which allow attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the Acronis Cyber Protect 16 data protection software is related to an incorrect session duration. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to protected information...

CVSS 7.1 | AI score 6.3 | EPSS 0.00226
Exploits 0 | References 2

BDU FSTEC
added 2025/02/14 12:0 a.m. | 4 views

The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to incorrect session duration. This allows attackers to gain unauthorized access and disclose the protected information.

The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to incorrect session duration. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access and disclose the protected information...

CVSS 4.9 | AI score 5.5 | EPSS 0.00209
Exploits 0 | References 2 | Affected Software 1