CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

263 matches found

PYSEC-2026-171

Apache Airflow's JWTRefreshMiddleware set the JWT auth cookie without the Secure flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy e.g. nginx / Envoy / a managed load balancer that terminates TLS and forwards plaintext to the API server, the default...

5.9CVSS5.9AI score0.00016EPSS

Exploits0References3

EUVD•added 2026/03/28 9:33 p.m.•1 views

EUVD-2026-16939

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...

5.8AI score0.00023EPSS

Exploits0References5

NVD•added 2026/03/28 7:16 p.m.•1 views

CVE-2026-3256

9.8CVSS0.00023EPSS

Exploits0References4

Positive Technologies•added 2026/03/28 12:0 a.m.•2 views

PT-2026-28439

Name of the Vulnerable Software and Affected Versions HTTP::Session versions through 0.53 Description HTTP::Session for Perl, by default, uses insecurely generated session IDs. The software utilizes HTTP::Session::ID::SHA1 to create session IDs, employing a SHA-1 hash seeded with the built-in ran...

5.8AI score0.00023EPSS

Exploits0References7

NVD•added 2026/02/27 9:16 p.m.•2 views

CVE-2018-25160

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...

6.5CVSS0.00019EPSS

Exploits0References4

Cvelist•added 2026/02/27 8:15 p.m.•16 views

CVE-2018-25160 HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend

0.00019EPSS

Exploits0References3

CNNVD•added 2026/02/27 12:0 a.m.•4 views

HTTP::Session2 安全漏洞

HTTP::Session2 is a Perl package developed by Tokuhiro Matsuno. Versions of HTTP::Session2 prior to 1.09 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of the session ID format provided by users, which could lead to code injection or other issues...

6.5CVSS5.9AI score0.00019EPSS

Exploits0References5

NVD•added 2026/02/02 4:15 a.m.•3 views

CVE-2026-1741

A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpconchecksessionurl of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an...

7.5CVSS0.00112EPSS

Exploits0References4

ATTACKERKB•added 2026/02/02 3:2 a.m.•4 views

CVE-2026-1741

7.5CVSS5.8AI score0.00112EPSS

Exploits0References4Affected Software1

RedhatCVE•added 2026/01/09 8:33 a.m.•2 views

CVE-2024-41687

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow...

8.6CVSS7.3AI score0.00141EPSS

Exploits0References1

RedhatCVE•added 2025/12/17 4:4 p.m.•3 views

CVE-2025-62329

HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions...

5.6CVSS6.6AI score0.00048EPSS

Exploits0References1

NVD•added 2025/12/15 8:15 p.m.•1 views

CVE-2025-36360

IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefl...

5CVSS0.00031EPSS

Exploits0References1

CNNVD•added 2025/12/15 12:0 a.m.•1 views

IBM UrbanCode Deploy（IBM UCD）和IBM DevOps Deploy 代码问题漏洞

IBM UrbanCode Deploy IBM UCD and IBM DevOps Deploy are both products of International Business Machines IBM.IBM UrbanCode Deploy is a suite of application automation deployment tools. The tool is based on an application deployment automation management information model, and through remote agent...

5CVSS6.6AI score0.00031EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-18858

Malware in sbrugna...

7.5CVSS7.6AI score0.00278EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2016-0407

Malware in sbrugna...

4.3CVSS4.8AI score0.00263EPSS

Exploits0References3