9 matches found
CVE-2026-5085 Solstice::Session versions through 1440 for Perl generates session ids insecurely
Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...
CVE-2025-66630
A flaw was found in the Fiber web framework github.com/gofiber/fiber/v2. On Go versions prior to 1.24, the framework's Universally Unique Identifier (UUID) generation functions do not return an error when the underlying cryptographic randomness source fails. This can cause applications to use...
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Overview: Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) due to the UUIDv4 and UUID functions silently returning predictable values, such as the zero UUID, when the cryptographic random number generator fails. An attacker can...
CVE-2025-9316
CVE-2025-9316 affects N-able N-Central versions before 2025.4, enabling unauthenticated sessionID generation and potential session hijack. A nuclei template and advisories describe it as an authentication bypass; mitigations cite updating to 2025.4 or later. Some sources also reference combining ...
Catalyst-Plugin-Session Security Vulnerability
Catalyst-Plugin-Session is a Catalyst open source application. A security vulnerability exists in Catalyst-Plugin-Session versions prior to 0.44 that stems from an insecure way of generating session IDs, which could lead to session hijacking...
Mitsubishi Electric Corporation MELSEC iQ-FX5U webserver session identifier generation authentication bypass vulnerability
Talos Vulnerability Report TALOS-2022-1646: Mitsubishi Electric Corporation MELSEC iQ-FX5U webserver session identifier generation authentication bypass vulnerability. January 18, 2023. CVE Number: CVE-2022-40267. Summary: An authentication bypass vulnerability exists in the webserver session identifie...
kernel: information leak in the IPv6 implementation
An information leak flaw was found in the Linux kernel's IPv6 implementation, in the ipv6_select_ident function in net/ipv6/output_core.c. The use of a small hash table in IP ID generation allows a remote attacker to reveal sensitive information...
PT-2021-24251 · Netbsd · Netbsd
Name of the Vulnerable Software and Affected Versions: NetBSD versions prior to 9.3 Description: The issue concerns the IPv4 ID generation algorithm, which does not utilize appropriate cryptographic measures. Recommendations: For NetBSD versions prior to 9.3, update to version 9.3 or later to...
Mattermost Server Input Validation Error Vulnerability (CNVD-2020-35438)
Mattermost Server is an open source messaging platform from the US company Mattermost. An input validation error vulnerability exists in Mattermost Server versions prior to 5.11.0, which stems from the program failing to properly generate invitation IDs. No details of the vulnerability...