16 matches found

ATTACKERKB
added 2026/03/28 6:52 p.m., 0 views

CVE-2026-3256

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...

AI score: 5.8 | EPSS: 0.00024
Exploits: 0 | References: 4

CNNVD
added 2026/03/28 12:00 a.m., 4 views

Amon2 security vulnerability

Amon2 is a lightweight web application development framework developed by Tokuhiro Matsuno. Versions of Amon2 prior to 6.17 contained security vulnerabilities. These vulnerabilities stemmed from the insecure implementation of the randomstring function, which could lead to the generation of insecu...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00024
Exploits: 0 | References: 6

CNNVD
added 2026/03/28 12:00 a.m., 2 views

HTTP::Session security vulnerability

HTTP::Session is a server-side component library developed by KTAT’s individual developers, used for session management and state maintenance in web applications. Versions of HTTP::Session prior to 0.53 contained security vulnerabilities; these vulnerabilities stemmed from the default use of...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00024
Exploits: 0 | References: 4

Vulnrichment
added 2026/03/05 1:41 a.m., 3 views

CVE-2025-40931 Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

AI score: 5.8 | EPSS: 0.00029
Exploits: 0 | References: 9

Debian CVE
added 2026/03/05 1:41 a.m., 3 views

CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

CVSS: 9.1 | AI score: 5.3 | EPSS: 0.00029
Exploits: 0

UbuntuCve
added 2026/03/05 12:00 a.m., 2 views

CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00029
Exploits: 0 | References: 4

Debian CVE
added 2026/02/26 11:33 p.m., 3 views

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

CVSS: 8.2 | AI score: 5.3 | EPSS: 0.00043
Exploits: 0

CVE
added 2026/02/26 11:33 p.m., 10 views

CVE-2025-40932

Apache::SessionX

CVSS: 8.2 | AI score: 5.5 | EPSS: 0.00043
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/02/26 12:00 a.m., 2 views

PT-2026-22228

Name of the Vulnerable Software and Affected Versions: Apache::SessionX versions through 2.01. Description: Apache::SessionX generates session IDs insecurely. The default session ID generator returns an MD5 hash seeded with the built-in rand function, the epoch time, and the process ID (PID). The PID...

CVSS: 8.2 | AI score: 5.9 | EPSS: 0.00043
Exploits: 0 | References: 6

Vulnrichment
added 2026/02/16 9:25 p.m., 1 view

CVE-2026-2439 Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...

AI score: 5.7 | EPSS: 0.0007
Exploits: 0 | References: 5

CVE
added 2026/02/16 9:25 p.m., 12 views

CVE-2026-2439

The CVE affects Concierge::Sessions versions 0.8.1 up to, but not including, 0.8.5. The vulnerability stems from the generate_session_id function in Concierge::Sessions::Base using uuidgen by default, with a fallback to Perl’s rand(). Neither method is cryptographically secure, and the fallback c...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.0007
Exploits: 0 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/02/16 12:00 a.m., 4 views

PT-2026-8386

Maypole versions from 2.10 through 2.13 for Perl generate session ids insecurely. The session id is seeded with the system time which is available from HTTP response headers, a call to the built-in rand function, and the PID...

AI score: 5.5 | EPSS: 0.00059
Exploits: 0 | References: 2

Cvelist
added 2025/10/20 4:13 p.m., 5 views

CVE-2025-6515 Reuse of session IDs in oatpp-mcp leads to session hijacking and prompt hijacking by remote attackers

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...

CVSS: 6.8 | EPSS: 0.00043
Exploits: 0 | References: 1

CVE
added 2025/09/17 2:25 p.m., 10 views

CVE-2025-40933

Apache::AuthAny::Cookie v0.201 and earlier for Perl generates insecure session IDs. The vulnerability arises from using an MD5 hash of the epoch time combined with Perl’s built‑in rand(). If the epoch time is guessable (e.g., not leaked via HTTP Date headers) and rand() is not cryptographically s...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.0007
Exploits: 0 | References: 1

CNNVD
added 2025/08/06 12:00 a.m., 3 views

Tigo Energy Cloud Connect Advanced security vulnerability

Tigo Energy Cloud Connect Advanced is a compact data logger from Tigo Energy USA. A security vulnerability exists in Tigo Energy Cloud Connect Advanced that stems from insecure session ID generation that could lead to unauthorized access...

CVSS: 8.7 | AI score: 6.5 | EPSS: 0.00355
Exploits: 0 | References: 1

OSV
added 2022/07/12 10:15 a.m., 0 views

CVE-2022-26647

A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...

CVSS: 8.8 | AI score: 5.7
Exploits: 0 | References: 1