29 matches found
CVE-2026-23646 OpenProject users can delete other user's session, causing them to be logged out
OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end their active sessions via Account Settings → Sessions. When deleting a session, it was not properly checked if the session belongs to the...
CVE-2026-23646 OpenProject users can delete other user's session, causing them to be logged out
OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end their active sessions via Account Settings → Sessions. When deleting a session, it was not properly checked if the session belongs to the...
EUVD-2017-2770
Malware in sbrugna...
EUVD-2022-42319
Malicious code in bioql PyPI...
EUVD-2022-42320
Malicious code in bioql PyPI...
EUVD-2023-33906
Malicious code in bioql PyPI...
CVE-2022-39875
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout...
CVE-2022-39874
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout...
CVE-2024-23319 CSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin)
Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message...
CVE-2023-2415
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitalogoutcallback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attacker...
CVE-2023-2416 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5 - Cross-Site Request Forgery to Account Logout
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcitalogoutcallback function in versions up to, and including, 4.5. This makes it possible for unauthenticated to logout a vctia...
CVE-2022-39874
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout...
CVE-2022-39874
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout...
CVE-2022-39875
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout...
CVE-2022-39875
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout...
CVE-2022-39874
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout...
CVE-2022-39875
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout...
Information disclosure
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout...
Design/Logic Flaw
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout...
PT-2022-25066 · Samsung · Samsung Account
Name of the Vulnerable Software and Affected Versions: Samsung Account versions prior to 13.5.0 Description: The issue allows attackers to unauthorized logout due to a sensitive log information leakage. Recommendations: For versions prior to 13.5.0, update to version 13.5.0 or later to resolve th...