GHSA-8JG2-726G-XH43 parisneo/lollms has an insufficient session expiration vulnerability

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

parisneo/lollms has an insufficient session expiration vulnerability

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

EUVD-2026-20030

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

CVE-2026-1163 Insufficient Session Expiration in parisneo/lollms

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

PT-2026-31070

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

CVE-2026-32729

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

org.keycloak/keycloak-services: Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language SAML setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...

CVE-2026-1190

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language SAML setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...

EUVD-2016-5033

Malware in sbrugna...

Anonymous LOGOUT logs explanation

ns.log： Dec 31 16:13:57 172.31.248.107 12/31/2022:08:13:57 GMT PHQCXADC01 0-PPE-0 : default SSLVPN Message 263167 0 : "Created nFactor session for user Anonymous" Dec 31 16:13:57 172.31.248.107 12/31/2022:08:13:57 GMT PHQCXADC01 0-PPE-0 : default SSLVPN Message 263174 0 : "AAAD API:...

Security Bulletin: Mitigations are being announced to address CVE-2020-4839 and CVE-2021-29695

Summary IBM products 8335-GCA, 8335-GTA, and 8335-GTB have identified security vulnerabilities. Vulnerability Details CVEID:CVE-2020-4839 DESCRIPTION: IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged...

HTTP/2: 0-length headers lead to denial of service

A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially...