Lucene search
K

23 matches found

CVE
CVE
added 2026/07/01 6:46 a.m.22 views

CVE-2026-56016

CVE-2026-56016 (CGI::Session::ID::md5) affects Perl CGI::Session versions before 4.49. The vulnerable code path uses generate_id to build a session id from a MD5 digest of the process ID, epoch time, and rand(), all low-entropy/predictable sources. This enables an attacker to predict session IDs ...

5.9CVSS5.8AI score0.00322EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 12:0 a.m.2 views

OPENSUSE-SU-2026:11168-1 perl-CGI-Session-4.490.0-1.1 on GA media

These are all security issues fixed in the perl-CGI-Session-4.490.0-1.1 package on the GA media of openSUSE Tumbleweed...

5.9CVSS5.8AI score0.00322EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-56016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from ...

5.9CVSS6AI score0.00322EPSS
Exploits0References4
OSV
OSV
added 2026/05/15 12:17 p.m.13 views

UBUNTU-CVE-2026-8503

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

6.5CVSS5.8AI score0.00583EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/08 9:31 a.m.11 views

EUVD-2013-7294

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...

9.1CVSS5.8AI score0.00356EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/08 7:44 a.m.7 views

CVE-2013-10075

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...

5.8AI score0.00356EPSS
Exploits0References2
CVE
CVE
added 2026/05/06 12:16 p.m.16 views

CVE-2026-5081

The CVE-2026-5081 entry concerns Apache::Session::Generate::ModUniqueId for Perl. Affected versions: 1.54 through 1.94 use the UNIQUE_ID environment variable (set by mod_unique_id) as the session id. The UNIQUE_ID is built from the request’s IPv4 address, process id, epoch time, a 16-bit counter,...

9.1CVSS5.8AI score0.00302EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/06 12:16 p.m.36 views

CVE-2026-5081 Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...

0.00302EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/06 12:16 p.m.7 views

CVE-2026-5081 Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...

5.8AI score0.00302EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.15 views

PT-2026-37627

Name of the Vulnerable Software and Affected Versions Apache::Session::Generate::ModUniqueId versions 1.54 through 1.94 Description Apache::Session::Generate::ModUniqueId uses the UNIQUE ID environment variable for session identifiers. This variable is generated by the Apache mod unique id plugin...

9.1CVSS5.8AI score0.00302EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-5081

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in versio...

9.1CVSS6AI score0.00302EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/30 10:54 a.m.4 views

CVE-2026-3256

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...

9.8CVSS5.8AI score0.0053EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/28 6:52 p.m.39 views

CVE-2026-3256 HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids

HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come...

0.0053EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/06 7:55 a.m.7 views

CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

9.1CVSS5.8AI score0.00583EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.7 views

CVE-2025-40926

Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be...

9.8CVSS5.8AI score0.00433EPSS
Exploits0References1
NVD
NVD
added 2026/03/05 2:16 a.m.8 views

CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

9.1CVSS0.00583EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/03/05 1:41 a.m.6 views

CVE-2025-40931 Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

5.8AI score0.00583EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/03/05 1:41 a.m.5 views

CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

9.1CVSS5.8AI score0.00583EPSS
Exploits0References10
CVE
CVE
added 2026/03/05 1:41 a.m.31 views

CVE-2025-40931

Apache::Session::Generate::MD5 (versions through 1.94 for Perl) creates insecure session IDs. The default generator returns a MD5 hash seeded with the built-in rand(), the epoch time, and the PID; the PID comes from a small set, and the epoch time may be guessed if not leaked. Built-in rand() is ...

9.1CVSS5.8AI score0.00583EPSS
Exploits0References10Affected Software1
UbuntuCve
UbuntuCve
added 2026/03/05 12:0 a.m.7 views

CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

9.1CVSS5.8AI score0.00583EPSS
Exploits0References4
Rows per page
Query Builder