432 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-27767

Malicious code in bioql PyPI...

CVSS 9.4 · AI score 6.2 · EPSS 0.00231
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-27768

Malicious code in bioql PyPI...

CVSS 9.4 · AI score 6.2 · EPSS 0.00231
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-4355

Malicious code in bioql PyPI...

CVSS 6.8 · AI score 6.6 · EPSS 0.01561
Exploits 0 · References 12

EUVD
added 2025/10/03 8:7 p.m. · 8 views

EUVD-2022-2297

Malicious code in bioql PyPI...

CVSS 5.9 · AI score 5.8 · EPSS 0.00875
Exploits 0 · References 5

OSV
added 2025/09/20 1:15 p.m. · 4 views

CVE-2025-40925

Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch...

CVSS 9.1 · AI score 6.9
Exploits 0 · References 3

CVE
added 2025/09/19 6:46 p.m. · 20 views

CVE-2025-34188

CVE-2025-34188 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 1.0.735 and Vasion Print Application prior to 20.0.1330 (macOS/Linux deployments). The root cause is a vulnerability in the local logging mechanism that stores authentication session tokens (PHPSESSID, XSR...

CVSS 8.4 · AI score 6 · EPSS 0.00287
Exploits 1 · References 4 · Affected Software 2

NVD
added 2025/09/17 3:15 p.m. · 3 views

CVE-2025-40933

Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...

CVSS 7.5 · EPSS 0.00383
Exploits 0 · References 1

CVE
added 2025/09/17 2:25 p.m. · 14 views

CVE-2025-40933

Apache::AuthAny::Cookie v0.201 and earlier for Perl generates insecure session IDs. The vulnerability arises from using an MD5 hash of the epoch time combined with Perl's built-in rand(). If the epoch time is guessable (or leaked via the HTTP Date header) and rand() is not cryptographically s...

CVSS 7.5 · AI score 6.6 · EPSS 0.00383
Exploits 0 · References 1

Cvelist
added 2025/09/17 2:25 p.m. · 8 views

CVE-2025-40933 Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely

Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...

EPSS 0.00383
Exploits 0 · References 1

RedhatCVE
added 2025/08/30 6:18 p.m. · 4 views

CVE-2025-30040

The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...

CVSS 9 · AI score 7 · EPSS 0.0017
Exploits 0 · References 1

NVD
added 2025/08/27 11:15 a.m. · 2 views

CVE-2025-30041

The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs...

CVSS 9 · EPSS 0.00165
Exploits 0 · References 1

Cvelist
added 2025/08/27 10:21 a.m. · 5 views

CVE-2025-30041 Missing authentication in APIs returning statistical data along with session IDs

The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs...

CVSS 9 · EPSS 0.00165
Exploits 0 · References 1

Vulnrichment
added 2025/08/27 10:21 a.m. · 3 views

CVE-2025-30041 Missing authentication in APIs returning statistical data along with session IDs

The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs...

CVSS 9 · AI score 7.2 · EPSS 0.00165
Exploits 0 · References 1

CVE
added 2025/08/27 10:21 a.m. · 15 views

CVE-2025-30041

CVE-2025-30041 concerns exposure of session identifiers via three CGI script paths: /cgi-bin/CliniNET.prd/utils/userlogstat.pl, /cgi-bin/CliniNET.prd/utils/usrlogstat.pl, and /cgi-bin/CliniNET.prd/utils/dblogstat.pl. The description indicates that these endpoints expose data containing session ID...

CVSS 9 · AI score 6.2 · EPSS 0.00165
Exploits 0 · References 1

Vulnrichment
added 2025/08/27 10:21 a.m. · 2 views

CVE-2025-30040 Missing authentication in API returning request logs containing session IDs

The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...

CVSS 9 · AI score 7.1 · EPSS 0.0017
Exploits 0 · References 1

Cvelist
added 2025/08/27 10:21 a.m. · 6 views

CVE-2025-30040 Missing authentication in API returning request logs containing session IDs

The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...

CVSS 9 · EPSS 0.0017
Exploits 0 · References 1

CVE
added 2025/08/27 10:21 a.m. · 15 views

CVE-2025-30040

Technical details about CVE-2025-30040 are not publicly available in the provided connected documents. Monitor for updates from official advisories and EUVD entries.

CVSS 9 · AI score 6 · EPSS 0.0017
Exploits 0 · References 1

CNNVD
added 2025/08/27 12:0 a.m. · 4 views

CGM CLININET access control error vulnerability

CGM CLININET is a hospital information management system from CGM Germany. An access control error vulnerability exists in CGM CLININET that originates from unauthenticated access to the userlogxls.pl endpoint to download session ID data...

CVSS 9 · AI score 6.3 · EPSS 0.0017
Exploits 0 · References 2

Positive Technologies
added 2025/08/27 12:0 a.m. · 4 views

PT-2025-34847 · Clininet · Clininet

Name of the Vulnerable Software and Affected Versions: CliniNET affected versions not specified
Description: The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the /cgi-bin/CliniNET.prd/utils/userlogxls.pl endpoint.
Recommendations: ...

CVSS 9.4 · AI score 5.9 · EPSS 0.00231
Exploits 0 · References 6

Positive Technologies
added 2025/08/27 12:0 a.m. · 4 views

PT-2025-34848 · Clininet · Clininet

Name of the Vulnerable Software and Affected Versions: CliniNET affected versions not specified
Description: The paths /cgi-bin/CliniNET.prd/utils/userlogstat.pl, /cgi-bin/CliniNET.prd/utils/usrlogstat.pl, and /cgi-bin/CliniNET.prd/utils/dblogstat.pl expose data containing session IDs...

CVSS 9.4 · AI score 5.9 · EPSS 0.00231
Exploits 0 · References 5