191 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-38968
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak...
CVE-2026-38968
ntopng (through 6.6) is reported vulnerable to a Predictable Session Identifier flaw. The issue occurs in HTTPsession creation within src/HTTPserver.cpp, where time-seeded pseudo-randomness can yield deterministic or colliding cookies, enabling session hijacking under attacker-controlled timing. ...
CVE-2026-38968
ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding...
CVE-2026-38968
ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding...
EUVD-2026-40927
CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...
Linux Distros Unpatched Vulnerability : CVE-2026-56016
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from ...
ManageEngine ADSelfService Plus < Build 6529 Account Takeover (CVE-2026-11374)
According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6529. It is, therefore, affected by an account takeover vulnerability: - The SSO tickets generated to authenticate a session could be predicted by an unauthenticate...
CVE-2026-41838 Spring Framework Predictable Session ID in WebSocket Module
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...
CVE-2026-5084
WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand function. The rand function is passed a maximum value based on the process id, the epoch time and the referen...
CVE-2026-44054 Predictable afpd session token
Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect mechanism...
Netatalk 安全特征问题漏洞
Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.0 to 4.4.2 of Netatalk contained security vulnerabilities. These vulnerabilities stemmed from the generation of...
CVE-2026-42155
Summary of CVE-2026-42155 (Magento OpenMage LTS): The issue affects OpenMage/magento-lts OpenMage LTS releases via the legacy API session ID generation in Mage_Api_Model_Session::start(), where the session ID is md5(time() . uniqid('', true) . (possibly null sessionName)). This yields very low en...
CVE-2026-5084
WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand function. The rand function is passed a maximum value based on the process id, the epoch time and the referen...
Linux Distros Unpatched Vulnerability : CVE-2026-5080
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints o...
CVE-2026-5080 Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely
Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...
Dancer::Session::Abstract 安全特征问题漏洞
Dancer::Session::Abstract is an abstract module for session management developed by BIGPRESH’s individual developers. Versions of Dancer::Session::Abstract prior to 1.3522 have security vulnerabilities. These vulnerabilities stem from insecure session ID generation, which could allow attackers to...
CVE-2026-5085 Solstice::Session versions through 1440 for Perl generates session ids insecurely
Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...
CVE-2026-5083
CVE-2026-5083 affects the Perl module Ado::Sessions up to version 0.935. The vulnerability stems from generating session IDs with a SHA-1 hash seeded by the built-in rand() function, the epoch time, and the PID. The PID comes from a small set of numbers, and the epoch time may be guessed if not l...
PT-2026-31088
Name of the Vulnerable Software and Affected Versions Ado::Sessions versions through 0.935 Description The Ado::Sessions Perl module generates insecure session IDs. The session ID is created using a SHA-1 hash seeded with the built-in rand function, the epoch time, and the process ID PID. The PID...
CTEK Chargeportal 代码问题漏洞
CTEK Chargeportal is an electric vehicle charging management platform developed by the Swedish company CTEK. CTEK Chargeportal has code-related vulnerabilities; these vulnerabilities stem from the predictable nature of session identifiers and the ability for multiple endpoints to use the same...