39 matches found

Snyk
added 2025/11/26 10:11 p.m. · 2 views

Session Fixation

Overview: better-auth is "the most comprehensive authentication library for TypeScript." Affected versions of this package are vulnerable to Session Fixation via the constantTimeEqual function in the crypto/buffer.ts file. An attacker can cause arbitrary user sessions to be revoked by forging...

CVSS: 7.3 · AI score: 7.1
Exploits: 0 · References: 2

OSV
added 2025/11/26 10:11 p.m. · 1 view

GHSA-WMJR-V86C-M9JJ Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions

Summary: A vulnerability was identified in the multi-session plugin for Better Auth, specifically in the /sign-out after-hook. The hook trusts raw multi-session cookies and forwards the extracted values directly to internalAdapter.deleteSessions without verifying the cookie signature. Because cook...

CVSS: 2 · AI score: 6.9
Exploits: 0 · References: 4

GitHub Security Blog
added 2025/11/26 10:11 p.m. · 9 views

Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions

Summary: A vulnerability was identified in the multi-session plugin for Better Auth, specifically in the /sign-out after-hook. The hook trusts raw multi-session cookies and forwards the extracted values directly to internalAdapter.deleteSessions without verifying the cookie signature. Because cook...

AI score: 7
Exploits: 0 · References: 4 · Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2021-17821

Malware in sbrugna...

CVSS: 5.3 · AI score: 5.6 · EPSS: 0.00804
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-1066

Malware in sbrugna...

CVSS: 6.1 · AI score: 6.1 · EPSS: 0.00658
Exploits: 0 · References: 4

Citrix
added 2025/04/15 12:0 a.m. · 13 views

Citrix DaaS | Workspace expiration period forced Users to re-authenticate

When the user logs in to the workspace URL, they see unexpected behavior while using CWA: they are prompted to keep themselves logged in due to an Inactive policy being set, and once they select "keep me logged in", the workspace page gets refreshed and they don't see any apps or desktops...

AI score: 7
Exploits: 0

Veracode
added 2024/11/06 12:46 p.m. · 10 views

Improper Session Termination

umbraco.cms is vulnerable to Improper Session Termination. The vulnerability is due to the server session not being fully terminated during an explicit sign-out, which could allow unauthorized access...

CVSS: 4.2 · AI score: 6.7 · EPSS: 0.00247
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2024/10/22 6:13 p.m. · 14 views

GHSA-WXW9-6PV9-C3XC Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out

Impact: During an explicit sign-out, the server session is not fully terminated...

CVSS: 4.2 · AI score: 4.4 · EPSS: 0.00247
Exploits: 0 · References: 3

GitHub Security Blog
added 2024/10/22 6:13 p.m. · 26 views

Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out

Impact: During an explicit sign-out, the server session is not fully terminated...

CVSS: 4.2 · AI score: 6.9 · EPSS: 0.00247
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2024/10/22 3:54 p.m. · 21 views

CVE-2024-48929 Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out

Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and 10.8.7 contain a patch for the issue...

CVSS: 4.2 · AI score: 7.1 · EPSS: 0.00247
Exploits: 0 · References: 1

Positive Technologies
added 2024/10/22 12:0 a.m. · 5 views

PT-2024-33276 · Umbraco · Umbraco

Name of the Vulnerable Software and Affected Versions: Umbraco versions 13.x prior to 13.5.2; Umbraco versions 10.x prior to 10.8.7. Description: The issue occurs during an explicit sign-out, where the server session is not fully terminated. This affects Umbraco, a free and open source .NET content...

CVSS: 4.2 · AI score: 7.2 · EPSS: 0.00247
Exploits: 0 · References: 9

Microsoft KB
added 2024/09/30 12:0 a.m. · 6 views

September 30, 2024—KB5043178 (OS Build 26100.1882) Preview

September 30, 2024—KB5043178 (OS Build 26100.1882) Preview. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. Note: Follow @WindowsUpdate to find out when new content is published to the Windows release health...

AI score: 6.5
Exploits: 0

CNNVD
added 2024/08/17 12:0 a.m. · 4 views

PKP OPEN JOURNAL SYSTEMS input validation error vulnerability

PKP OPEN JOURNAL SYSTEMS (PKP OJS) is an end-to-end scholarly publishing platform from PKP, Inc. An input validation error vulnerability exists in PKP OPEN JOURNAL SYSTEMS 3.4.0-6 and earlier versions, which stems from the parameter source in file /login/signOut that causes an open redirect...

CVSS: 6.9 · AI score: 4.9 · EPSS: 0.00413
Exploits: 0 · References: 4

CNNVD
added 2024/04/09 12:0 a.m. · 2 views

Devolutions Server security vulnerability

Devolutions Server is an application from Devolutions Canada Inc. which provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.1.10.0 and earlier, which stems from incorrect input validation and allows an attack...

CVSS: 3.6 · AI score: 6.8 · EPSS: 0.00245
Exploits: 0 · References: 2

Veracode
added 2024/02/19 2:58 p.m. · 23 views

Insufficient Session Expiration

github.com/greenpau/caddy-security is vulnerable to Insufficient Session Expiration. The vulnerability is due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain...

CVSS: 4.8 · AI score: 6.9 · EPSS: 0.00711
Exploits: 1 · References: 2 · Affected Software: 1

GitHub Security Blog
added 2024/02/17 6:30 a.m. · 21 views

Insufficient Session Expiration in github.com/greenpau/caddy-security

All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers w...

CVSS: 8.1 · AI score: 7 · EPSS: 0.00711
Exploits: 1 · References: 5 · Affected Software: 1

Prion
added 2024/02/17 5:15 a.m. · 20 views

Session fixation

All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers w...

CVSS: 4 · AI score: 7.3 · EPSS: 0.00711
Exploits: 1 · References: 3

Positive Technologies
added 2024/02/16 12:0 a.m. · 5 views

PT-2024-18908

Name of the Vulnerable Software and Affected Versions: github.com/greenpau/caddy-security (affected versions not specified). Description: The issue is related to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid ev...

CVSS: 8.1 · AI score: 6.5 · EPSS: 0.00711
Exploits: 1 · References: 12

OSV
added 2023/04/18 9:15 p.m. · 6 views

CVE-2023-28003

A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account...

CVSS: 8.8 · AI score: 7.3 · EPSS: 0.00318
Exploits: 0 · References: 1

CNNVD
added 2022/10/31 12:0 a.m. · 3 views

ID withdrawn

easyii CMS is a simple CMS for simple websites developed by individual developer noumo. easyii CMS has a cross-site request forgery vulnerability in the /admin/sign/out file. An attacker can exploit this vulnerability to cause cross-site request forgery...

AI score: 6.8
Exploits: 0