2 matches found
CVE-2026-40587 blueprintUE: Active Sessions Are Not Invalidated After Password Change or Reset
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their password via the profile edit page, or when a password reset is completed via the reset link, neither operation invalidates existing authenticated sessions for that user. A server-side session store...
PT-2024-27940 · Ibm · Ibm Aspera Shares
Name of the Vulnerable Software and Affected Versions: IBM Aspera Shares versions 1.0 through 1.10.0 PL3 Description: The issue allows an authenticated user to impersonate another user on the system because sessions are not invalidated after a password reset. Recommendations: For IBM Aspera Share...