31239 matches found
CVE-2025-40932
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...
PT-2026-22392
Name of the Vulnerable Software and Affected Versions HTTP::Session2 versions prior to 1.12 Description The software may generate weak session IDs using the rand function. The session ID generator returns a SHA-1 hash seeded with the rand function, epoch time, and the process ID PID. The rand...
CVE-2025-40932
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...
CVE-2025-40932
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...
CVE-2025-40932
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...
CVE-2025-40932
Apache::SessionX
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for February 2026
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.0 IF002 Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in configuration file processing by QOS.CH logback-core up to a...
CVE-2026-27969 Vitess users with backup storage access can write to arbitrary file paths on restore
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also...
Spin 安全漏洞
Spin is an open-source framework developed by spinframework, designed for quickly, securely, and efficiently building and running composable cloud microservices that use WebAssembly. Versions of Spin prior to 3.6.1 contained a security vulnerability caused by improper response buffering, which...
A Deep Dive into the GetProcessHandleFromHwnd API
Posted by James Forshaw In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn’t know existed until I found a publicly disclosed UAC bypass using the Quick Assist UI Access application. This API looked interesting so I thought I should take a closer look. I...
📄 fast-xml-parser REGEX Injection / Cross Site Scripting
fast-xml-parser versions starting at 4.1.3 and below 5.3.5 suffer from a REGEX injection issue that can allow for cross site scripting attacks. ============================================================================================================================================= | Title :...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the router process. An attacker can retrieve sensitive information from internal network resources by crafting requests that leverage specific file suffixes and HTTP 302 redirects to bypass...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the router process. An attacker can retrieve sensitive information from internal network resources by crafting requests that leverage specific file suffixes and HTTP 302 redirects to bypass...
CVE-2026-27606
A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface CLI inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences ../...
MAL-2026-1232 Malicious code in @schedaero/yukon (npm)
Multiple evidences indicate malicious behavior: suspicious URL, data exfiltration, process exiting, and preinstall script execution. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b02868b7ba4a5e5bf754e692e348191e6974f2f707417f20f97b33f172cda4ca The package...
Malicious code in @schedaero/yukon (npm)
Multiple evidences indicate malicious behavior: suspicious URL, data exfiltration, process exiting, and preinstall script execution. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b02868b7ba4a5e5bf754e692e348191e6974f2f707417f20f97b33f172cda4ca The package...
Malicious code in @schedaero/bacon (npm)
Multiple suspicious behaviors: preinstall script exfiltrates data to a suspicious URL, terminates process, and few versions. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1f79d2ea06bc3905829524120560412e8e875463b5bddeb6bad3a343292c20c The package...
Malicious code in @schedaero/net-common (npm)
Malicious package due to suspicious preinstall script, data exfiltration via User-Agent, process termination, and a suspicious URL. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e5e87e24ed2574837f59c3fb4cf21d0c9677b4d5e729f0835fc90a9bf427c4c The package...
MAL-2026-1229 Malicious code in @schedaero/net-common (npm)
Malicious package due to suspicious preinstall script, data exfiltration via User-Agent, process termination, and a suspicious URL. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e5e87e24ed2574837f59c3fb4cf21d0c9677b4d5e729f0835fc90a9bf427c4c The package...
MAL-2026-1231 Malicious code in @schedaero/shared (npm)
Malicious package due to suspicious URL, data exfiltration, forced process exit, preinstall script execution. Impersonating legit schedaero.com. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fde30d72c136b3e78352eecc9a614e37d812dc136aca7d2c685f2bdafd305207 The...