1831 matches found
Incorrect Comparison Logic Granularity
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Incorrect Comparison Logic Granularity in the session management process. An attacker can retain full access to protected resources and perform privileged actions by...
EUVD-2026-18086
CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation Logic Flaw...
CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)
Summary Vulnerability: Improper Session Invalidation on Account Deletion Broken Access Control / Logic Flaw - This vulnerability is caused by a backend logic flaw that maintains a false trust assumption that already-authenticated users remain trustworthy, even after their accounts are explicitly...
PT-2026-29816
Name of the Vulnerable Software and Affected Versions listmonk versions 4.1.0 through 6.0.0 Description listmonk, a self-hosted newsletter and mailing list manager, has a session management issue. Previously issued authenticated sessions remain valid after sensitive account security changes, such...
CVE-2026-3256 HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids
HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come...
HTTP::Session 安全漏洞
HTTP::Session is a server-side component library developed by KTAT’s individual developers, used for session management and state maintenance in web applications. Versions of HTTP::Session prior to 0.53 contained security vulnerabilities; these vulnerabilities stemmed from the default use of...
EUVD-2025-209085
HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover...
CVE-2026-29092
Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...
CVE-2026-29092
Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...
EUVD-2026-15807
Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...
IBM InfoSphere Information Server 代码问题漏洞
IBM InfoSphere Information Server is a data integration platform developed by the American multinational company International Business Machines IBM. This platform can be used to integrate data from various sources. Versions of IBM InfoSphere Information Server 11.7.1.6 and earlier contained code...
Kiteworks 代码问题漏洞
Kiteworks is a security private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.2.1 contained code vulnerabilities. These vulnerabilities were due to issues with session management, which could allow users who have been blocked to...
ROS-20260319-73-0033
Vulnerability in glpi related to incorrect session management. Exploitation of the vulnerability could allow an attacker acting remotely to hijack a user's session...
CVE-2026-30224
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...
CVE-2026-30224
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...
CVE-2026-30224 OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...
CVE-2026-30224
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...
CVE-2026-30224 OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...
wapt-simulation
Web Application Penetration Testing WAPT Simulation This re...
CVE-2025-40931
Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...