Lucene search
K

55 matches found

Cvelist
Cvelist
added 2026/04/08 5:48 a.m.17 views

CVE-2026-5082 Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id

Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generatesessionid function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand...

0.00405EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

Ado::Sessions 安全漏洞

Ado::Sessions is a lightweight Perl-based web application development framework developed by. Versions of Ado::Sessions prior to 0.935 contained security vulnerabilities; these vulnerabilities stemmed from the generation of insecure session IDs, which could lead to session hijacking...

5.3CVSS5.8AI score0.00428EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

Amon2::Plugin::Web::CSRFDefender 安全漏洞

Amon2::Plugin::Web::CSRFDefender is a web security plugin developed by TOKUHIROM as an individual developer. There are security vulnerabilities in versions 7.00 to 7.03 of Amon2::Plugin::Web::CSRFDefender. These vulnerabilities stem from the generation of insecure session IDs, which may lead to...

9.8CVSS5.8AI score0.00521EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/30 10:54 a.m.4 views

CVE-2026-3256

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...

9.8CVSS5.8AI score0.0053EPSS
Exploits0References1
NVD
NVD
added 2026/03/28 7:16 p.m.7 views

CVE-2026-3256

HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come...

9.8CVSS0.0053EPSS
Exploits0References5
CVE
CVE
added 2026/03/28 6:52 p.m.13 views

CVE-2026-3256

The CVE-2026-3256 issue affects the HTTP::Session Perl module (versions through 0.53). The root cause is insecure session ID generation: HTTP::Session::ID::SHA1 creates IDs by hashing a seed composed of the built-in rand() value, high-resolution epoch time, and the process ID. The PID comes from ...

9.8CVSS5.8AI score0.0053EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.7 views

CVE-2025-40926

Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be...

9.8CVSS5.8AI score0.00433EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/05 2:3 p.m.3 views

SUSE CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

9.1CVSS5.8AI score0.00583EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/05 3:31 a.m.6 views

EUVD-2025-208297

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

9.1CVSS5.9AI score0.00583EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.8 views

PT-2026-23118

Name of the Vulnerable Software and Affected Versions Apache::Session::Generate::MD5 versions through 1.94 Description The software generates session IDs insecurely. The default session ID generator uses an MD5 hash seeded with the built-in rand function, the epoch time, and the process ID PID. T...

9.1CVSS5.7AI score0.00583EPSS
Exploits0References24
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.5 views

PT-2026-23117

Name of the Vulnerable Software and Affected Versions Plack::Middleware::Session::Simple versions through 0.04 Description The software generates session IDs insecurely. The default session ID generator uses a SHA-1 hash seeded with the built-in rand function, the epoch time, and the process ID...

9.8CVSS5.8AI score0.00433EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/03/02 12:28 a.m.7 views

SUSE CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.7AI score0.002EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/28 1:56 a.m.4 views

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.9AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2026/02/27 12:16 a.m.4 views

DEBIAN-CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.3AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2026/02/27 12:16 a.m.8 views

UBUNTU-CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.8AI score0.002EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/27 12:0 a.m.5 views

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.8AI score0.002EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/26 11:33 p.m.2 views

CVE-2025-40932 Apache::SessionX versions through 2.01 for Perl create insecure session id

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

5.9AI score0.002EPSS
Exploits0References1
NVD
NVD
added 2026/02/16 10:22 p.m.5 views

CVE-2026-2439

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...

9.8CVSS0.00403EPSS
Exploits0References5
NVD
NVD
added 2026/02/16 10:22 p.m.7 views

CVE-2025-15578

Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time which is available from HTTP response headers, a call to the built-in rand function, and the PID...

9.8CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/16 9:25 p.m.27 views

CVE-2026-2439 Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...

0.00403EPSS
Exploits0References5
Rows per page
Query Builder