577 matches found
PT-2026-29641
CVE-2025-66483 IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the s… https://t.co/iUXS2ts14j...
CVE-2025-55264
HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover...
EUVD-2025-209085
HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover...
CVE-2025-55264
HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover...
CVE-2025-55264 HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change
HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover...
CVE-2025-55264
CVE-2025-55264 concerns HCL Aftermarket DPC, where a failure to invalidate sessions on password change can allow an attacker to retain access and maintain account control after a password update. The vulnerability description indicates a session persistence issue potentially enabling account take...
CVE-2025-55264
HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover...
CVE-2025-55264 HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change
HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover...
PT-2026-28289
Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description A flaw exists where the system fails to invalidate a session after a password change. This allows an attacker who has access to an existing session to maintain control of an accou...
CVE-2025-14810
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expirati...
PT-2026-28110
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expirati...
CVE-2026-28275 Initiative Vulnerable to Improper Session Invalidation (JWT Remains Valid)
Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 do not invalidate previously issued JWT access tokens after a user changes their password. As a result, older tokens remain valid until expiration and can still be used to access protected API...
CVE-2026-28275 Initiative Vulnerable to Improper Session Invalidation (JWT Remains Valid)
Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 do not invalidate previously issued JWT access tokens after a user changes their password. As a result, older tokens remain valid until expiration and can still be used to access protected API...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the authentication and session management process. An attacker can gain unauthorized access to user accounts and maintain persistent access even after a password change by exploiting weak password...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the authentication and session management process. An attacker can gain unauthorized access to user accounts and maintain persistent access even after a password change by exploiting weak password...
Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change
Summary The application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account via brute-force or credential stuffing can mainta...
CVE-2026-1435
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...
CVE-2026-1435
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...
CVE-2026-1435 Incorrect management of session invalidation vulnerability in Graylog Web Interface
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...
CVE-2026-1435 Incorrect management of session invalidation vulnerability in Graylog Web Interface
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...