Lucene search
K

221 matches found

RedhatCVE
RedhatCVE
added 2026/02/28 1:56 a.m.5 views

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.9AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2026/02/27 12:16 a.m.4 views

DEBIAN-CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.3AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2026/02/27 12:16 a.m.9 views

UBUNTU-CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.8AI score0.002EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/27 12:0 a.m.5 views

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.8AI score0.002EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/26 11:33 p.m.2 views

CVE-2025-40932 Apache::SessionX versions through 2.01 for Perl create insecure session id

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

5.9AI score0.002EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/02/26 11:33 p.m.5 views

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.3AI score0.002EPSS
Exploits0
CVE
CVE
added 2026/02/26 11:33 p.m.18 views

CVE-2025-40932

Apache::SessionX for Perl up to version 2.01 uses a default MD5-based session-id generator that seeds the MD5 with the built-in rand(), the epoch time, and the PID. This yields predictable, low-entropy session identifiers because rand() is not cryptographically secure and the epoch/PID have limit...

8.2CVSS5.5AI score0.002EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.11 views

PT-2026-22228

Name of the Vulnerable Software and Affected Versions Apache::SessionX versions through 2.01 Description Apache::SessionX generates session IDs insecurely. The default session ID generator returns an MD5 hash seeded with the built-in rand function, the epoch time, and the process ID PID. The PID...

8.2CVSS5.9AI score0.002EPSS
Exploits0References6
NVD
NVD
added 2026/02/16 10:22 p.m.6 views

CVE-2026-2439

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...

9.8CVSS0.00403EPSS
Exploits0References5
NVD
NVD
added 2026/02/16 10:22 p.m.11 views

CVE-2025-15578

Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time which is available from HTTP response headers, a call to the built-in rand function, and the PID...

9.8CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/16 9:25 p.m.29 views

CVE-2026-2439 Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...

0.00403EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/16 9:25 p.m.2 views

CVE-2026-2439 Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...

5.7AI score0.00403EPSS
Exploits0References5
CVE
CVE
added 2026/02/16 9:25 p.m.23 views

CVE-2026-2439

Concierge::Sessions (Perl) before 0.8.5 uses generate_session_id that defaults to uuidgen or Perl rand when uuidgen fails. Both methods are insecure and produce predictable session IDs, enabling guessing to gain access per CVE-2026-2439. Affected versions are 0.8.1–0.8.4; no warnings when uuidgen...

9.8CVSS5.7AI score0.00403EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/16 9:18 p.m.6 views

CVE-2025-15578 Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely

Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time which is available from HTTP response headers, a call to the built-in rand function, and the PID...

5.5AI score0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.10 views

PT-2026-8387

Name of the Vulnerable Software and Affected Versions Concierge::Sessions versions 0.8.1 through 0.8.4 Description The generate session id function within Concierge::Sessions::Base defaults to insecure methods for generating session identifiers. Specifically, it uses the uuidgen command, which ma...

9.8CVSS5.4AI score0.00403EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.8 views

PT-2026-8386

Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time which is available from HTTP response headers, a call to the built-in rand function, and the PID...

5.5AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/09 11:24 a.m.22 views

CVE-2026-22082 Insecure Session ID Management Vulnerability in Tenda Wireless Routers

This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and...

8.8CVSS0.00451EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/09 11:24 a.m.3 views

CVE-2026-22082 Insecure Session ID Management Vulnerability in Tenda Wireless Routers

This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and...

8.8CVSS6.4AI score0.00451EPSS
Exploits0References1
NVD
NVD
added 2025/12/15 3:15 p.m.5 views

CVE-2025-34412

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it identified a vulnerability in a SaaS product that does not require user action...

0.00075EPSS
Exploits0
EUVD
EUVD
added 2025/12/15 2:44 p.m.5 views

EUVD-2025-203381

The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy,...

6.9CVSS6.2AI score0.00075EPSS
Exploits0References7
Rows per page
Query Builder