6 matches found

Amazon
added 2025/06/02 12:0 a.m. · 3 views

Important: perl-Mojolicious

Issue Overview: Mojolicious versions from 0.999922 through 9.39 for Perl use a hard-coded string, or the application's class name, as an HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could...

CVSS 8.1 · AI score 6.8 · EPSS 0.00318
Exploits: 2
Tenable Nessus
added 2025/06/02 12:0 a.m. · 7 views

Amazon Linux 2023 : perl-Mojolicious, perl-Test-Mojo (ALAS2023-2025-985)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-985 advisory. Mojolicious versions from 0.999922 through 9.39 for Perl use a hard-coded string, or the application's class name, as an HMAC session secret by default. These predictable default secrets can be...

CVSS 8.1 · AI score 6.5 · EPSS 0.00318
Exploits: 2 · References: 6
RedhatCVE
added 2025/05/05 10:18 a.m. · 17 views

CVE-2024-58135

Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and used for authenticating and protecting...

CVSS 6.2 · AI score 5.1 · EPSS 0.00318
Exploits: 1 · References: 10
OSV
added 2025/05/03 11:15 a.m. · 9 views

CVE-2024-58135

Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and...

CVSS 5.3 · AI score 6.1
Exploits: 0 · References: 10
Cvelist
added 2025/05/03 10:16 a.m. · 19 views

CVE-2024-58135 Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

EPSS 0.00318
Exploits: 1 · References: 13
Positive Technologies
added 2025/05/03 12:0 a.m. · 4 views

PT-2025-18941 · Unknown +1 · Mojolicious +1

Name of the Vulnerable Software and Affected Versions: Mojolicious versions 7.28 through 9.39
Description: The issue concerns the generation of weak HMAC session secrets in Mojolicious for Perl. When creating a default app, a weak secret is written to the application's configuration file using th...

CVSS 5.3 · AI score 6.2 · EPSS 0.00318
Exploits: 1 · References: 22