183 matches found
ePower 代码问题漏洞
ePower is an electric vehicle charging station system owned by the Irish company ePower. ePower has a code vulnerability that stems from the predictable nature of session identifiers and the ability for multiple endpoints to use the same identifier to connect, which may lead to session hijacking ...
PT-2026-23711
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
EUVD-2025-208297
Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...
CVE-2025-40926 Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely
Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be...
Apache::Session::Generate::MD5 安全漏洞
Apache::Session::Generate::MD5 is a session management module provided by the Apache Foundation. Versions of Apache::Session::Generate::MD5 prior to 1.94 contained security vulnerabilities. These vulnerabilities stemmed from the use of insecure random number generators for generating session IDs,...
Plack::Middleware::Session::Simple 安全漏洞
Plack::Middleware::Session::Simple is a lightweight session management middleware developed by Masahiro Nagano. Versions of Plack::Middleware::Session::Simple prior to 0.04 contained security vulnerabilities, which stemmed from the use of insecure random number generators for generating session...
SUSE CVE-2025-40932
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...
CVE-2026-27755 SODOLA SL902-SWTGW124AS <= 200.1.20 Predictable Session ID
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...
CVE-2026-27755
The CVE describes a vulnerability in SODOLA SL902-SWTGW124AS firmware up to version 200.1.20 where the session ID is generated using predictable MD5-based cookies. An attacker who knows or guesses valid credentials could compute the session identifier offline, bypass the login flow, and gain unau...
UBUNTU-CVE-2025-40932
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...
CVE-2025-40932
Apache::SessionX for Perl up to version 2.01 uses a default MD5-based session-id generator that seeds the MD5 with the built-in rand(), the epoch time, and the PID. This yields predictable, low-entropy session identifiers because rand() is not cryptographically secure and the epoch/PID have limit...
CVE-2025-40932 Apache::SessionX versions through 2.01 for Perl create insecure session id
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...
PT-2026-22228
Name of the Vulnerable Software and Affected Versions Apache::SessionX versions through 2.01 Description Apache::SessionX generates session IDs insecurely. The default session ID generator returns an MD5 hash seeded with the built-in rand function, the epoch time, and the process ID PID. The PID...
CVE-2026-27515
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...
CVE-2026-27515
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...
CVE-2026-27515
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...
CVE-2026-27515 Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...
Binardat 10G08-0800GSM 安全特征问题漏洞
Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The previous versions of Binardat 10G08-0800GSM Network SwitchV300SP10260209 had security feature vulnerabilities. These vulnerabilities stemmed from the use of the Web management interface to generate...
CVE-2025-62774
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps...
EUVD-2000-0110
Malware in sbrugna...