7 matches found
EUVD-2026-30565
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...
Linux Distros Unpatched Vulnerability : CVE-2026-8503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurel...
PT-2026-31087
Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generate session id function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand...
CVE-2025-40933
Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...
EUVD-2023-44359
Malicious code in bioql PyPI...
Insecure Sessions
github.com/hashicorp/vault is using insecure sessions. User-viewed secrets between sessions in a single shared browser are insecurely cached and revealed...
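TYPO3 Multiple Remote Security Vulnerabilities
BUGTRAQ ID: 33376 Typo3 is an open-source content management system (CMS) and content management framework (CMF). The Typo3 implementation contains multiple remote security vulnerabilities that may allow a user to take control of Typo3 or the operating system it runs on. These include: 1. Creation of weak encryption keys 2. Authentication bypass 3. Insecure session management 4. Cross-site scripting 5. Remote command execution. TYPO3 versions lower than 4.0.10, 4.1.8, and 4.2.4 are affected. TYPO3 TYPO3 ----- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://typo3.org/...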