13 matches found
CVE-2026-5081
Session ids generated by Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl are insecure. Apache::Session::Generate::ModUniqueId, added in version 1.54, uses the value of the UNIQUE_ID environment variable for the session id. The UNIQUE_ID variable is set by the Apache mod_unique_id...
CVE-2026-5080 Dancer::Session::Abstract versions through 1.3522 for Perl generate session ids insecurely
Dancer::Session::Abstract versions through 1.3522 for Perl generate session ids insecurely. The session id is generated by summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...
EUVD-2009-4322
Malware in sbrugna...
EUVD-2014-0213
Malware in sbrugna...
EUVD-2019-7017
Malware in sbrugna...
EUVD-2024-35181
Malicious code in bioql PyPI...
EUVD-2025-21775
Malicious code in bioql PyPI...
CVE-2025-7770 Predictable Seed in Pseudo-Random Number Generator (PRNG) in Tigo Energy Cloud Connect Advanced
Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID...
CVE-2025-40923
CVE-2025-40923 affects Plack-Middleware-Session for Perl prior to 0.35, where the default session id generator uses a SHA-1 hash seeded with rand, epoch time, and PID, making session IDs predictable. Fedora advisory notes a fix to version 0.36, using Crypt::SysRandom for secure session IDs. The v...
CVE-2025-40923
Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...
CVE-2019-10120
On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration aka setAutoLogin can be achieved by continuing to use a session ID after a logout, aka HMCCU-154...
CVE-2013-4762
Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID...
Bbsxp 2007 [previous versions unknown]: an interesting vulnerability - vulnerability warning - the black bar safety net
| cpmpact.asp <% option explicit Const JET3X = 4 if ""&Request("sessionid")&""<>""&session.sessionid&"" then error("validation code error") Dim dbpath,boolIs97 dbpath = Request("dbpath") boolIs97 = Request("boolIs97") If dbpath <> "" Then dbpath = server.mappath(dbpath) response.write(CompactDB(dbpath,boolIs97))...