Lucene search
K

577 matches found

Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29641

CVE-2025-66483 IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the s… https://t.co/iUXS2ts14j...

6.3CVSS5.9AI score0.00176EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.8 views

CVE-2025-55264

HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover...

5.5CVSS5.9AI score0.00118EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 3:30 p.m.3 views

EUVD-2025-209085

HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References2
NVD
NVD
added 2026/03/26 2:16 p.m.3 views

CVE-2025-55264

HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover...

5.5CVSS0.00118EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/26 1:4 p.m.24 views

CVE-2025-55264 HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change

HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover...

5.5CVSS0.00118EPSS
Exploits0References1
CVE
CVE
added 2026/03/26 1:4 p.m.8 views

CVE-2025-55264

CVE-2025-55264 concerns HCL Aftermarket DPC, where a failure to invalidate sessions on password change can allow an attacker to retain access and maintain account control after a password update. The vulnerability description indicates a session persistence issue potentially enabling account take...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 1:4 p.m.2 views

CVE-2025-55264

HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 1:4 p.m.2 views

CVE-2025-55264 HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change

HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28289

Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description A flaw exists where the system fails to invalidate a session after a password change. This allows an attacker who has access to an existing session to maintain control of an accou...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 8:11 p.m.2 views

CVE-2025-14810

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expirati...

6.3CVSS5.8AI score0.00242EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.4 views

PT-2026-28110

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expirati...

6.3CVSS5.8AI score0.00242EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/26 10:56 p.m.5 views

CVE-2026-28275 Initiative Vulnerable to Improper Session Invalidation (JWT Remains Valid)

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 do not invalidate previously issued JWT access tokens after a user changes their password. As a result, older tokens remain valid until expiration and can still be used to access protected API...

8.1CVSS5.8AI score0.00369EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/26 10:56 p.m.28 views

CVE-2026-28275 Initiative Vulnerable to Improper Session Invalidation (JWT Remains Valid)

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 do not invalidate previously issued JWT access tokens after a user changes their password. As a result, older tokens remain valid until expiration and can still be used to access protected API...

8.1CVSS0.00369EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/25 10:2 p.m.4 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the authentication and session management process. An attacker can gain unauthorized access to user accounts and maintain persistent access even after a password change by exploiting weak password...

9.3CVSS6AI score0.00428EPSS
Exploits1References3
Snyk
Snyk
added 2026/02/25 10:2 p.m.3 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the authentication and session management process. An attacker can gain unauthorized access to user accounts and maintain persistent access even after a password change by exploiting weak password...

9.3CVSS6AI score0.00428EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/02/25 10:2 p.m.9 views

Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Summary The application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account via brute-force or credential stuffing can mainta...

9.1CVSS5.4AI score0.00428EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/19 1:28 p.m.7 views

CVE-2026-1435

Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...

9.8CVSS5.5AI score0.00367EPSS
Exploits0References1
NVD
NVD
added 2026/02/18 2:16 p.m.7 views

CVE-2026-1435

Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...

9.8CVSS0.00367EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/18 1:8 p.m.5 views

CVE-2026-1435 Incorrect management of session invalidation vulnerability in Graylog Web Interface

Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...

9.3CVSS5.5AI score0.00367EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/18 1:8 p.m.28 views

CVE-2026-1435 Incorrect management of session invalidation vulnerability in Graylog Web Interface

Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...

9.3CVSS0.00367EPSS
Exploits0References1
Rows per page
Query Builder