CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

64 matches found

CVE-2026-50213

The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...

8.7CVSS5.8AI score

Exploits0References2

Positive Technologies•added 17 hours ago•7 views

PT-2026-46165

The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...

8.7CVSS5.8AI score

Exploits0References2

ATTACKERKB•added 2026/05/21 7:34 a.m.•8 views

CVE-2026-44054

Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect mechanism...

6.5CVSS5.8AI score0.00117EPSS

Exploits0References2Affected Software1

UbuntuCve•added 2026/05/15 12:17 p.m.•3 views

CVE-2026-8503

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

6.5CVSS5.8AI score0.00041EPSS

Exploits0References8

EUVD•added 2026/05/15 11:6 a.m.•9 views

EUVD-2026-30536

9.1CVSS5.8AI score0.00043EPSS

Exploits0References5

Positive Technologies•added 2026/05/15 12:0 a.m.•7 views

PT-2026-41294

6.5CVSS5.8AI score0.00041EPSS

Exploits0References8

NVD•added 2026/04/30 12:16 p.m.•3 views

CVE-2026-5080

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

5.9CVSS0.00054EPSS

Exploits0References3

CVE•added 2026/04/30 11:49 a.m.•5 views

CVE-2026-5080

CVE-2026-5080 affects Dancer::Session::Abstract for Perl up to version 1.3522. The insecure session IDs are generated by summing the absolute pathname’s character codepoints with the process ID, epoch time, and multiple rand() calls, then concatenating the result three times. Factors such as know...

5.9CVSS5.3AI score0.00054EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/04/30 11:49 a.m.•2 views

CVE-2026-5080 Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely

5.3AI score0.00054EPSS

Exploits0References2

ATTACKERKB•added 2026/04/13 6:56 a.m.•0 views

CVE-2026-5085

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

5.7AI score0.00045EPSS

Exploits0References4

Positive Technologies•added 2026/04/13 12:0 a.m.•2 views

PT-2026-32282

5.7AI score0.00045EPSS

Exploits0References4

RedhatCVE•added 2026/04/07 6:35 p.m.•2 views

CVE-2026-28810

A flaw was found in Erlang/OTP kernel. The built-in DNS resolver inetres uses predictable 16-bit transaction IDs and lacks source port randomization. A remote attacker can exploit this by observing or predicting DNS query IDs, leading to DNS cache poisoning. This allows the attacker to redirect...

6.3CVSS5.8AI score0.00047EPSS

Exploits0References10

UbuntuCve•added 2026/04/07 12:0 a.m.•2 views

CVE-2026-28810

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

6.3CVSS5.9AI score0.00047EPSS

Exploits0References8

NVD•added 2026/03/05 2:16 a.m.•1 views

CVE-2025-40926

Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be...

9.8CVSS0.00076EPSS

Exploits0References6

OSV•added 2026/03/05 2:16 a.m.•1 views

UBUNTU-CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

9.1CVSS5.8AI score0.00029EPSS

Exploits0References5

Cvelist•added 2026/03/05 1:41 a.m.•24 views

CVE-2025-40931 Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id

0.00029EPSS

Exploits0References9

Cvelist•added 2026/03/05 1:24 a.m.•24 views

CVE-2025-40926 Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely

0.00076EPSS

Exploits0References6

ATTACKERKB•added 2026/03/05 1:24 a.m.•2 views

CVE-2025-40926

9.8CVSS5.7AI score0.00535EPSS

Exploits0References7

RedhatCVE•added 2026/02/28 1:56 a.m.•1 views

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.9AI score0.00043EPSS

Exploits0References1

NVD•added 2026/02/27 12:16 a.m.•3 views

CVE-2025-40932

8.2CVSS0.00043EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by