209 matches found
EUVD-2018-19391
Malware in sbrugna...
EUVD-2013-4802
Malware in sbrugna...
EUVD-2024-17363
Malicious code in bioql PyPI...
EUVD-2021-9288
Malicious code in bioql PyPI...
CVE-2023-41041
Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-memory cache of user sessions. Upon a cache-miss,...
CVE-2023-51772
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...
CVE-2020-14247
HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID...
CVE-2013-4958
Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation...
CVE-2019-10046
An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information...
CVE-2018-21018
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions...
CVE-2010-5067
Virtual War aka VWar 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie...
CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout
Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...
CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout
Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...
Linux Distros Unpatched Vulnerability : CVE-2013-7347
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the ac session...
GO-2025-3408 WITHDRAWN: DefaultConfig has dangerous defaults causing hung Read in github.com/hashicorp/yamux
This report has been withdrawn with reason: "By request of maintainer in https://github.com/golang/vulndb/issues/3453". The default values for Session.config.KeepAliveInterval and Session.config.ConnectionWriteTimeout of 30s and 10s create the possibility for timed out writes that most aren't...
Session Fixation
Umbraco is vulnerable to Session Fixation. The vulnerability is due to a session timeout discrepancy where the Backoffice logout page displays a session timeout message before the server session expires, leading users to believe they are logged out about 30 seconds early. It allows an attacker to...
AWS VDP: Session Timeout Does Not Enforce Re-Authentication on AWS Access Portal
NOTE! Thanks for submitting a report to Amazon Web Services! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: AWS SSO...
CVE-2024-48926
CVE-2024-48926 affects Umbraco CMS. The issue is an insufficient session expiration in the Backoffice where the logout page shows a timeout message ~30 seconds before the server session expires. Affected versions: 13.x prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. Patches are p...
CVE-2024-23586 An insufficient session timeout vulnerability affects HCL Nomad server on Domino
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information...
User Profile hangs when using CVAD 2203 CU5
Upgrading to CVAD 2203 CU5 found an issue with hanging on loading the user profile. It eventually times out and the session is disconnected/hung...