EUVD-2026-36194

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This iss...

PT-2026-48561

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This iss...

CVE-2026-40010 Apache Wicket: possible session fixation using AuthenticatedWebSession

Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...

CVE-2026-2513

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...

MAL-2026-1997 Malicious code in ty-web-session (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15f6d0a640d7d4323f1ef52969a6a259b9b6e3bacc2bf65f514cd618a00945a9 The package ty-web-session was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in ty-web-session (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15f6d0a640d7d4323f1ef52969a6a259b9b6e3bacc2bf65f514cd618a00945a9 The package ty-web-session was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-3255

HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

CVE-2018-25160

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...

CVE-2018-25160

CVE-2018-25160 affects HTTP::Session2 for Perl up to version 1.09, where session id input is not validated, allowing code injection or other impact depending on the session backend (e.g., memcached). The connected notes reference a 1.10 release and a patch, indicating a fix was provided in newer ...

PT-2026-22399

Name of the Vulnerable Software and Affected Versions HTTP::Session2 versions through 1.09 Description The software does not properly validate user-provided session IDs, which could allow for code injection or other impacts depending on the session backend. For example, if memcached is used for...

PT-2026-3931

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...

HCL Launch和HCL DevOps Deploy 安全漏洞

HCL Launch and HCL DevOps Deploy are both products of HCL India.HCL Launch is a multi-functional, enterprise-grade continuous delivery automation software. Used to handle the most complex deployment processes in DevOps.HCL DevOps Deploy is an application. Can be mapped to your organizational...

CVE-2025-36360 IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expiration vulnerability

IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefl...

PT-2025-47043

Name of the Vulnerable Software and Affected Versions D-Link DIR-816L version 2 06 b09 beta Description A flaw exists in the D-Link DIR-816L router, specifically within the genacgi main function of the gena.cgi script. Manipulation of the SERVER ID or HTTP SID parameters can lead to a stack-based...

EUVD-2013-0948

Malware in sbrugna...

EUVD-2010-3870

Malware in sbrugna...

EUVD-2007-4186

Malware in sbrugna...

EUVD-2015-5414

Malware in sbrugna...

EUVD-2012-5310

Malware in sbrugna...

EUVD-2013-1240

Malware in sbrugna...