CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 3 days ago•11 views

Exploits0References7

CVE-2009-10007

CVE-2009-10007 affects Catalyst::Plugin::Authentication for Perl prior to 0.10_027. The vulnerability arises because the plugin does not automatically change the session id after authentication, enabling session fixation where an attacker with a valid session cookie can impersonate the victim. Do...

Debian CVE•added 3 days ago•6 views

Exploits0References5

CVE-2009-10007

Tenable Nessus•added 3 days ago•5 views

Exploits0

Linux Distros Unpatched Vulnerability : CVE-2009-10007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not...

Tenable Nessus•added 2026/06/02 12:0 a.m.•7 views

Fedora 44 : perl-Catalyst-Plugin-Authentication (2026-26666575ae)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-26666575ae advisory. Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks since these versions use Perl's built-in eq comparison...

RedhatCVE•added 2026/06/01 10:14 a.m.•10 views

Exploits0References2

CVE-2026-5091

A flaw was found in Catalyst::Plugin::Authentication. This vulnerability allows a remote attacker to conduct timing attacks by observing discrepancies in the time it takes to compare passwords or hashes. This could enable the attacker to guess the underlying hash or password, leading to...

OSV•added 2026/05/29 5:12 a.m.•8 views

Exploits0References2

MGASA-2026-0160 Updated perl-Catalyst-Plugin-Authentication package fixes a security vulnerability

The updated package fixes a security vulnerability: Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. CVE-2026-5091...

Tenable Nessus•added 2026/05/26 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-5091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison...

NVD•added 2026/05/21 10:16 p.m.•9 views

CVE-2026-5091

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...

5.1CVSS0.00007EPSS

OSV•added 2026/05/21 10:16 p.m.•1 views

UBUNTU-CVE-2026-5091

CVE•added 2026/05/21 9:7 p.m.•12 views

CVE-2026-5091

CVE-2026-5091 affects Catalyst::Plugin::Authentication up to version 0.10024 for Perl. The issue is a timing-attack vulnerability arising from using Perl’s built-in eq comparison, enabling an attacker with local access to distinguish timing differences and potentially infer the underlying hash or...

Cvelist•added 2026/05/21 9:7 p.m.•25 views

CVE-2026-5091 Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks

0.00007EPSS

Exploits0References2

ATTACKERKB•added 2026/05/21 9:7 p.m.•4 views

CVE-2026-5091

5.8AI score0.00007EPSS

Positive Technologies•added 2026/05/21 12:0 a.m.•8 views

PT-2026-42551

CNNVD•added 2026/05/21 12:0 a.m.•7 views

Exploits0References5

Catalyst-Plugin-Authentication 安全漏洞

Catalyst-Plugin-Authentication is an open-source authentication plugin framework developed by Catalyst. Versions of Catalyst-Plugin-Authentication prior to 0.10024 contain security vulnerabilities; these vulnerabilities stem from the use of the Perl built-in eq comparison function, which may lead...

NVD•added 2026/05/10 9:16 p.m.•6 views

Exploits0References1

CVE-2026-45180

Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' session ids may be leaked. This may allow an attacker to use session ids a...

7.5CVSS0.00037EPSS

CVE•added 2026/05/10 8:3 p.m.•11 views

CVE-2026-45180

CVE-2026-45180 affects Catalyst::Plugin::Statsd for Perl up to version 0.10.0. The issue is leakage of session IDs when the communication channel to the statsd daemon is unsecured (e.g., UDP to a different network). This could allow an attacker to use leaked session IDs as authentication tokens. ...

7.5CVSS5.8AI score0.00037EPSS