211 matches found
CVE-2026-5082
Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generatesessionid function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand...
CVE-2026-5085
Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...
CVE-2026-5083
Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked fr...
CVE-2026-24318
Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...
CVE-2026-8670
The CVE-2026-8670 entry concerns Avantra (Syslink software AG) on Linux and Windows, with an issue described as “Insufficient session expiration,” allowing reuse of session IDs (session replay). Affected release: Avantra before 25.3.1. The CVSSv3.1 vector indicates a Critical impact (HIGH confide...
UBUNTU-CVE-2026-8503
Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...
CVE-2026-8503 Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids
Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...
CVE-2026-8503 Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids
Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...
CVE-2026-8503
Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...
Apache::Session::Generate::SHA256 安全特征问题漏洞
Apache::Session::Generate::SHA256 is a session management module developed by the Apache Foundation. Versions of Apache::Session::Generate::SHA256 prior to 1.3.19 contained security vulnerabilities. These vulnerabilities stemmed from insecure session ID generation. The use of the built-in rand...
PT-2026-41294
Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...
Insufficient Session Expiration
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Insufficient Session Expiration via misconfiguration of the CORSMiddleware module and improper session management. An attacker can gain unauthorized access and execute arbitrary code by enticing an...
EUVD-2026-29039
WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand function. The rand function is passed a maximum value based on the process id, the epoch time and the referen...
CVE-2026-5084 WebDyne::Session versions through 2.075 for Perl generates the session id insecurely
WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand function. The rand function is passed a maximum value based on the process id, the epoch time and the referen...
PT-2026-39577
Name of the Vulnerable Software and Affected Versions WebDyne::Session versions prior to 2.076 Description The session handler generates session identifiers insecurely using an MD5 hash seeded with the built-in rand function. The rand function is seeded by 32-bits, making it predictable and...
WebDyne::Session 安全特征问题漏洞
WebDyne::Session is a server-side component developed by ASPEER’s individual developers, used for session management in web applications. Versions of WebDyne::Session 2.075 and earlier contained security vulnerabilities. These vulnerabilities stemmed from insecure session ID generation. The sessi...
PT-2026-37627
Name of the Vulnerable Software and Affected Versions Apache::Session::Generate::ModUniqueId versions 1.54 through 1.94 Description Apache::Session::Generate::ModUniqueId uses the UNIQUE ID environment variable for session identifiers. This variable is generated by the Apache mod unique id plugin...
Dancer::Session::Abstract 安全特征问题漏洞
Dancer::Session::Abstract is an abstract module for session management developed by BIGPRESH’s individual developers. Versions of Dancer::Session::Abstract prior to 1.3522 have security vulnerabilities. These vulnerabilities stem from insecure session ID generation, which could allow attackers to...
CVE-2026-24318
Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...
CVE-2026-24318
The CVE concerns SAP Business Objects BI Platform. An insecure session management flaw could allow an unauthenticated attacker to obtain valid session tokens and reuse them to access or modify data within a victim’s session scope, impacting confidentiality and integrity (availability unchanged). ...