SUSE CVE-2025-68792

In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in namesize 'namesize' does not have any range checks, and it just directly indexes with TPMALGID, which could lead into memory corruption at worst. Address the issue by only processing...

EUVD-2025-13360

Malicious code in bioql PyPI...

Important: perl-Mojolicious

Issue Overview: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could...

Amazon Linux 2023 : perl-Mojolicious, perl-Test-Mojo (ALAS2023-2025-985)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-985 advisory. Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be...

Fedora 41 : perl-Mojolicious (2025-c38fd06bec)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c38fd06bec advisory. Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by...

CVE-2024-58135

Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and used for authenticating and protecting...

CVE-2024-58134 Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute...

CVE-2024-58134

CVE-2024-58134 (Mojolicious on Perl): Affected versions are Mojolicious 0.999922 and later up to 9.39, where the HMAC session cookie secret is derived from a hard-coded string or the app class name by default. This predictable secret enables an attacker who learns or guesses the secret to forge v...

CVE-2024-58134 Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute...

CVE-2024-58135

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

CVE-2024-58135

Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and...

CVE-2024-58135 Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

PT-2025-18941 · Unknown +1 · Mojolicious +1

Name of the Vulnerable Software and Affected Versions: Mojolicious versions 7.28 through 9.39 Description: The issue concerns the generation of weak HMAC session secrets in Mojolicious for Perl. When creating a default app, a weak secret is written to the application's configuration file using th...

PT-2025-18947 · Unknown +1 · Mojolicious +1

Name of the Vulnerable Software and Affected Versions: Mojolicious versions 0.999922 through 9.39 Description: The issue concerns the use of a hard-coded string or the application's class name as a HMAC session secret by default in Mojolicious for Perl. This predictable default secret can be...