1678 matches found
CVE-2026-5081 Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure
Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...
CVE-2026-5081
The CVE-2026-5081 entry concerns Apache::Session::Generate::ModUniqueId for Perl. Affected versions: 1.54 through 1.94 use the UNIQUE_ID environment variable (set by mod_unique_id) as the session id. The UNIQUE_ID is built from the request’s IPv4 address, process id, epoch time, a 16-bit counter,...
CVE-2026-5081
Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...
CVE-2026-40010
Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...
CVE-2026-40010
CVE-2026-40010 describes a session-fixation risk in Apache Wicket caused by missing invocation of Servlet http web request method changeSessionId after session binding. Affected versions are Wicket 8.0.0–8.17.0, 9.0.0, and 10.0.0–10.8.0. The issue can be mitigated by upgrading to version 10.9.0, ...
CVE-2026-40010
Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...
CVE-2026-40010 Apache Wicket: possible session fixation using AuthenticatedWebSession
Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...
CVE-2026-40010 Apache Wicket: possible session fixation using AuthenticatedWebSession
Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...
Linux Distros Unpatched Vulnerability : CVE-2026-5081
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in versio...
Directory Traversal
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Directory Traversal via the FormFlash process when the sessionid parameter mapped to form-flash-id in POST requests is not properly sanitized...
CVE-2026-5080
Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...
CVE-2026-5080 Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely
Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...
PT-2026-36091
Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...
Fedora 45 : live555 / vlc (2026-56c8fe41c8)
The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-56c8fe41c8 advisory. Latest upstream release. Adds protection against the use of a 'stolen' authenticated RTSP session id to send RTSP server's PLAY, PAUSE, TEARDOWN, and...
curl: libcurl reuses a learned RTSP Session header across different hosts on the same easy handle, enabling cross-host session leak and replay
Summary: libcurl automatically learns RTSP Session: headers from server responses and stores them in data-set.strSTRINGRTSPSESSIONID in lib/rtsp.c:1015-1033. On later RTSP requests using the same easy handle, rtspdo reads that easy-handle-scoped value at lib/rtsp.c:373 and unconditionally emits...
Revive Adserver: Session ID reuse allowing XML‑RPC API authentication bypass
Vulnerability description not provided...
GHSA-VC46-VW85-3WVM
creationtimestamp| type| source ---|---|--- 2026-04-14 05:17:42+00:00| seen| Telegram/EXit4BCARRaTXD4SBLqO-yd3UPNB5jBijYowsPR2aTE5HY...
PT-2026-32282
Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...
CVE-2026-32932
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks th...
EUVD-2026-21534
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks th...