Lucene search
+L

1678 matches found

Cvelist
Cvelist
added 2026/05/06 12:16 p.m.40 views

CVE-2026-5081 Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...

0.00302EPSS
Exploits0References2
CVE
CVE
added 2026/05/06 12:16 p.m.21 views

CVE-2026-5081

The CVE-2026-5081 entry concerns Apache::Session::Generate::ModUniqueId for Perl. Affected versions: 1.54 through 1.94 use the UNIQUE_ID environment variable (set by mod_unique_id) as the session id. The UNIQUE_ID is built from the request’s IPv4 address, process id, epoch time, a 16-bit counter,...

9.1CVSS5.8AI score0.00302EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2026/05/06 12:16 p.m.14 views

CVE-2026-5081

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...

9.1CVSS5.8AI score0.00302EPSS
Exploits0
NVD
NVD
added 2026/05/06 10:16 a.m.8 views

CVE-2026-40010

Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...

9.1CVSS0.00379EPSS
Exploits0References2
CVE
CVE
added 2026/05/06 8:34 a.m.34 views

CVE-2026-40010

CVE-2026-40010 describes a session-fixation risk in Apache Wicket caused by missing invocation of Servlet http web request method changeSessionId after session binding. Affected versions are Wicket 8.0.0–8.17.0, 9.0.0, and 10.0.0–10.8.0. The issue can be mitigated by upgrading to version 10.9.0, ...

9.1CVSS5.7AI score0.00379EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 8:34 a.m.8 views

CVE-2026-40010

Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...

5.7AI score0.00379EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/06 8:34 a.m.33 views

CVE-2026-40010 Apache Wicket: possible session fixation using AuthenticatedWebSession

Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...

0.00379EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 8:34 a.m.4 views

CVE-2026-40010 Apache Wicket: possible session fixation using AuthenticatedWebSession

Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...

9.1CVSS5.9AI score0.00379EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-5081

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in versio...

9.1CVSS6AI score0.00302EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/05 9:34 p.m.7 views

Directory Traversal

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Directory Traversal via the FormFlash process when the sessionid parameter mapped to form-flash-id in POST requests is not properly sanitized...

9.3CVSS6.3AI score0.00521EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/30 11:49 a.m.5 views

CVE-2026-5080

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

5.9CVSS5.3AI score0.00374EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/30 11:49 a.m.36 views

CVE-2026-5080 Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

0.00374EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.6 views

PT-2026-36091

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

5.9CVSS5.3AI score0.00374EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/26 12:0 a.m.5 views

Fedora 45 : live555 / vlc (2026-56c8fe41c8)

The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-56c8fe41c8 advisory. Latest upstream release. Adds protection against the use of a 'stolen' authenticated RTSP session id to send RTSP server's PLAY, PAUSE, TEARDOWN, and...

5.5AI score
Exploits0References1
Hacker One
Hacker One
added 2026/04/17 2:41 p.m.15 views

curl: libcurl reuses a learned RTSP Session header across different hosts on the same easy handle, enabling cross-host session leak and replay

Summary: libcurl automatically learns RTSP Session: headers from server responses and stores them in data-set.strSTRINGRTSPSESSIONID in lib/rtsp.c:1015-1033. On later RTSP requests using the same easy handle, rtspdo reads that easy-handle-scoped value at lib/rtsp.c:373 and unconditionally emits...

5.8AI score
Exploits0
Hacker One
Hacker One
added 2026/04/14 1:25 p.m.15 views

Revive Adserver: Session ID reuse allowing XML‑RPC API authentication bypass

Vulnerability description not provided...

4.3CVSS5.8AI score0.0031EPSS
Exploits1
Circl
Circl
added 2026/04/14 5:17 a.m.8 views

GHSA-VC46-VW85-3WVM

creationtimestamp| type| source ---|---|--- 2026-04-14 05:17:42+00:00| seen| Telegram/EXit4BCARRaTXD4SBLqO-yd3UPNB5jBijYowsPR2aTE5HY...

4.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.15 views

PT-2026-32282

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

5.7AI score0.00339EPSS
Exploits0References4
NVD
NVD
added 2026/04/10 6:16 p.m.4 views

CVE-2026-32932

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks th...

6.1CVSS0.00178EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/10 5:51 p.m.15 views

EUVD-2026-21534

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks th...

4.7CVSS5.9AI score0.00178EPSS
Exploits0References3
Rows per page
Query Builder