Lucene search
K

73 matches found

RedhatCVE
RedhatCVE
added 3 days ago7 views

CVE-2026-59930

A flaw was found in Mistune, a Python Markdown parser. The table of contents toc plugin and TableOfContents directive generate heading identifiers IDs as predictable values e.g., tocN without properly processing the heading text. This allows an attacker to control content with a colliding ID, whi...

4.3CVSS6AI score0.00128EPSS
Exploits1References6
NVD
NVD
added 2026/07/01 8:16 a.m.9 views

CVE-2026-56016

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

5.9CVSS0.00322EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 8:16 a.m.4 views

UBUNTU-CVE-2026-56016

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

5.9CVSS5.8AI score0.00322EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/01 6:46 a.m.37 views

CVE-2026-56016 CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

0.00322EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.19 views

PT-2026-52598

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The WebSocket backend uses charging station identifiers to uniquely associate sessions but permits multiple endpoints to connect using the same session identifie...

7.3CVSS5.7AI score0.00246EPSS
Exploits0References7
NVD
NVD
added 2026/06/12 3:16 p.m.20 views

CVE-2026-45673

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

6.8CVSS0.00256EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:47 p.m.8 views

CVE-2026-41701 In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues

Correlation IDs for replies in the RabbitTemplate.sendAndReceive with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17...

4.4CVSS5.5AI score0.00173EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/08 11:2 p.m.9 views

Generation of Predictable Numbers or Identifiers

Overview Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers due to the use of a predictable pseudo-random number generator for DNS transaction IDs and a default static UDP source port in the DNS resolution process. An attacker can redirect network...

6.9CVSS5.5AI score0.00256EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:39 a.m.10 views

CVE-2026-50213

The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...

8.7CVSS5.8AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.24 views

PT-2026-46165

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The account validation endpoint '/v1/User/validate' exposes comprehensive user profile data sheets. This information can be accessed without authentication and...

8.7CVSS5.5AI score0.00232EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 7:34 a.m.14 views

CVE-2026-44054

Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect mechanism...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2026/05/15 12:17 p.m.16 views

CVE-2026-8503

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/15 11:6 a.m.18 views

EUVD-2026-30536

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

9.1CVSS5.8AI score0.00583EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.16 views

PT-2026-41294

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References8
NVD
NVD
added 2026/04/30 12:16 p.m.15 views

CVE-2026-5080

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

5.9CVSS0.00374EPSS
Exploits0References3
CVE
CVE
added 2026/04/30 11:49 a.m.12 views

CVE-2026-5080

CVE-2026-5080 affects Dancer::Session::Abstract for Perl up to version 1.3522. The insecure session IDs are generated by summing the absolute pathname’s character codepoints with the process ID, epoch time, and multiple rand() calls, then concatenating the result three times. Factors such as know...

5.9CVSS5.3AI score0.00374EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/30 11:49 a.m.4 views

CVE-2026-5080 Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

5.3AI score0.00374EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:56 a.m.3 views

CVE-2026-5085

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

5.7AI score0.00339EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.13 views

PT-2026-32282

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

5.7AI score0.00339EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/07 6:35 p.m.4 views

CVE-2026-28810

A flaw was found in Erlang/OTP kernel. The built-in DNS resolver inetres uses predictable 16-bit transaction IDs and lacks source port randomization. A remote attacker can exploit this by observing or predicting DNS query IDs, leading to DNS cache poisoning. This allows the attacker to redirect...

6.3CVSS5.8AI score0.00269EPSS
Exploits0References10
Rows per page
Query Builder