Lucene search
K

221 matches found

EUVD
EUVD
added 2025/10/20 6:30 p.m.5 views

EUVD-2025-35077

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...

6.8CVSS6.3AI score0.00344EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/20 4:13 p.m.10 views

CVE-2025-6515 Reuse of session IDs in oatpp-mcp leads to session hijacking and prompt hijacking by remote attackers

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...

6.8CVSS0.00344EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/20 12:0 a.m.5 views

PT-2025-42788

Name of the Vulnerable Software and Affected Versions oatpp-mcp affected versions not specified Description The MCP SSE endpoint returns an instance pointer as the session ID, which is not unique or cryptographically secure. This allows network attackers with access to the oatpp-mcp server to gue...

6.8CVSS6.5AI score0.00344EPSS
Exploits0References13
Veracode
Veracode
added 2025/10/14 1:23 p.m.6 views

Insecure Session Handling

github.com/coder/coder is vulnerable to Insecure Session Handling. The vulnerability is due to stale session tokens in prebuilt workspaces, allowing attackers to reuse them to gain unauthorized access...

8.1CVSS7.2AI score0.00349EPSS
Exploits1References7Affected Software2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-16879

Malware in sbrugna...

6.1CVSS7.6AI score0.00873EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-13415

Malware in sbrugna...

8.2CVSS7.4AI score0.01058EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27069

Malicious code in bioql PyPI...

8.1CVSS6.3AI score0.00349EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-31201

Malicious code in bioql PyPI...

9.8CVSS8.6AI score0.01106EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-2303

Malicious code in bioql PyPI...

4.1CVSS6.3AI score0.00597EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.23 views

EUVD-2025-30364

Malicious code in bioql PyPI...

9.1CVSS6.5AI score0.00336EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-21693

Malicious code in bioql PyPI...

7.3CVSS6.3AI score0.00329EPSS
Exploits0References4
NVD
NVD
added 2025/09/20 1:15 p.m.9 views

CVE-2025-40925

Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch...

9.1CVSS0.00336EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/20 12:31 p.m.12 views

CVE-2025-40925 Starch versions 0.14 and earlier generate session ids insecurely

Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch...

0.00336EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/20 12:0 a.m.8 views

PT-2025-38638

Name of the Vulnerable Software and Affected Versions Starch versions 0.14 and earlier Description Starch generates session IDs insecurely. The default session ID generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference...

9.1CVSS6.7AI score0.00336EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/09/20 12:0 a.m.5 views

Starch 安全漏洞

Starch is an HTTP session library by the individual developer Aran Clary. A security vulnerability exists in Starch 0.14 and earlier versions, which stems from insecure session ID generation and could lead to a session hijacking attack...

9.1CVSS6.5AI score0.00336EPSS
Exploits0References4
CVE
CVE
added 2025/09/17 2:25 p.m.14 views

CVE-2025-40933

Apache::AuthAny::Cookie v0.201 and earlier for Perl generates insecure session IDs. The vulnerability arises from using an MD5 hash of the epoch time combined with Perl’s built‑in rand(). If the epoch time is guessable (e.g., not leaked via HTTP Date headers) and rand() is not cryptographically s...

7.5CVSS6.6AI score0.00383EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/17 2:25 p.m.2 views

CVE-2025-40933 Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely

Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...

6.6AI score0.00383EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.10 views

PT-2025-38160

Name of the Vulnerable Software and Affected Versions: Apache::AuthAny::Cookie versions 0.201 and earlier Description: The software generates session IDs insecurely using an MD5 hash of the epoch time and the rand function. The epoch time may be guessable if not concealed by the HTTP Date header,...

7.5CVSS6.3AI score0.00383EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.5 views

MetaCPAN Apache::AuthAny::Cookie 安全漏洞

MetaCPAN Apache::AuthAny::Cookie is a Perl authentication module from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Apache::AuthAny::Cookie version 0.201 and earlier, which stems from the use of MD5 hash and rand functions to generate insecure session IDs, which could lead ...

7.5CVSS6.8AI score0.00383EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/08 3:12 a.m.12 views

CVE-2025-58437

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

8.1CVSS6.8AI score0.00349EPSS
Exploits1References1
Rows per page
Query Builder