CVE-2026-8503

CVE-2026-8503 affects Apache::Session::Generate::SHA256 in Perl (versions before 1.3.19). The default ID generator creates a SHA-256 hash of sources with low entropy (rand(), epoch, PID) and hashes that result again, making session IDs predictable. This predictable randomness can enable an attack...

CVE-2026-5080

CVE-2026-5080 affects Dancer::Session::Abstract for Perl up to version 1.3522. The insecure session IDs are generated by summing the absolute pathname’s character codepoints with the process ID, epoch time, and multiple rand() calls, then concatenating the result three times. Factors such as know...

PT-2026-28439

Name of the Vulnerable Software and Affected Versions HTTP::Session versions through 0.53 Description HTTP::Session for Perl, by default, uses insecurely generated session IDs. The software utilizes HTTP::Session::ID::SHA1 to create session IDs, employing a SHA-1 hash seeded with the built-in ran...

EUVD-2025-208296

Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be...

EUVD-2022-49169

Malicious code in bioql PyPI...