221 matches found
EUVD-2025-35077
The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...
CVE-2025-6515 Reuse of session IDs in oatpp-mcp leads to session hijacking and prompt hijacking by remote attackers
The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...
PT-2025-42788
Name of the Vulnerable Software and Affected Versions oatpp-mcp affected versions not specified Description The MCP SSE endpoint returns an instance pointer as the session ID, which is not unique or cryptographically secure. This allows network attackers with access to the oatpp-mcp server to gue...
Insecure Session Handling
github.com/coder/coder is vulnerable to Insecure Session Handling. The vulnerability is due to stale session tokens in prebuilt workspaces, allowing attackers to reuse them to gain unauthorized access...
EUVD-2019-16879
Malware in sbrugna...
EUVD-2019-13415
Malware in sbrugna...
EUVD-2025-27069
Malicious code in bioql PyPI...
EUVD-2022-31201
Malicious code in bioql PyPI...
EUVD-2024-2303
Malicious code in bioql PyPI...
EUVD-2025-30364
Malicious code in bioql PyPI...
EUVD-2025-21693
Malicious code in bioql PyPI...
CVE-2025-40925
Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch...
CVE-2025-40925 Starch versions 0.14 and earlier generate session ids insecurely
Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch...
PT-2025-38638
Name of the Vulnerable Software and Affected Versions Starch versions 0.14 and earlier Description Starch generates session IDs insecurely. The default session ID generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference...
Starch 安全漏洞
Starch is an HTTP session library by the individual developer Aran Clary. A security vulnerability exists in Starch 0.14 and earlier versions, which stems from insecure session ID generation and could lead to a session hijacking attack...
CVE-2025-40933
Apache::AuthAny::Cookie v0.201 and earlier for Perl generates insecure session IDs. The vulnerability arises from using an MD5 hash of the epoch time combined with Perl’s built‑in rand(). If the epoch time is guessable (e.g., not leaked via HTTP Date headers) and rand() is not cryptographically s...
CVE-2025-40933 Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely
Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...
PT-2025-38160
Name of the Vulnerable Software and Affected Versions: Apache::AuthAny::Cookie versions 0.201 and earlier Description: The software generates session IDs insecurely using an MD5 hash of the epoch time and the rand function. The epoch time may be guessable if not concealed by the HTTP Date header,...
MetaCPAN Apache::AuthAny::Cookie 安全漏洞
MetaCPAN Apache::AuthAny::Cookie is a Perl authentication module from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Apache::AuthAny::Cookie version 0.201 and earlier, which stems from the use of MD5 hash and rand functions to generate insecure session IDs, which could lead ...
CVE-2025-58437
Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...