Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-13365

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00473EPSS
Exploits1References8
Amazon
Amazon
added 2025/06/02 12:0 a.m.4 views

Important: perl-Mojolicious

Issue Overview: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could...

8.1CVSS6.8AI score0.00473EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2025/05/21 12:0 a.m.7 views

Fedora 41 : perl-Mojolicious (2025-c38fd06bec)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c38fd06bec advisory. Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by...

8.1CVSS6.6AI score0.00459EPSS
Exploits1References2
CVE
CVE
added 2025/05/03 10:16 a.m.88 views

CVE-2024-58135

Mojolicious (Perl) vulnerability CVE-2024-58135: default app skeleton generation using mojo generate app writes a weak HMAC session secret via the insecure rand() function, enabling potential brute-forcing of session keys. Affected: Mojolicious versions from 7.28 for Perl (and related 0.999922–9....

5.3CVSS6.3AI score0.00473EPSS
Exploits1References13Affected Software1
OSV
OSV
added 2025/05/03 10:16 a.m.12 views

CVE-2024-58135 Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

5.3CVSS6.5AI score0.00473EPSS
Exploits1References17
Vulnrichment
Vulnrichment
added 2025/05/03 10:16 a.m.12 views

CVE-2024-58135 Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

6.3AI score0.00473EPSS
Exploits1References13
Debian CVE
Debian CVE
added 2025/05/03 10:16 a.m.9 views

CVE-2024-58135

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

5.3CVSS6.3AI score0.00473EPSS
Exploits1
Rows per page
Query Builder