Lucene search
K

24 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-38968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak...

9.8CVSS6AI score0.00379EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 12:0 a.m.18 views

CVE-2026-38968

ntopng (through 6.6) is reported vulnerable to a Predictable Session Identifier flaw. The issue occurs in HTTPsession creation within src/HTTPserver.cpp, where time-seeded pseudo-randomness can yield deterministic or colliding cookies, enabling session hijacking under attacker-controlled timing. ...

9.8CVSS5.8AI score0.00379EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/02 12:0 a.m.47 views

CVE-2026-38968

ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding...

0.00379EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 12:0 a.m.4 views

CVE-2026-38968

ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding...

9.8CVSS6AI score0.00379EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Netatalk 安全特征问题漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.0 to 4.4.2 of Netatalk contained security vulnerabilities. These vulnerabilities stemmed from the generation of...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 8:16 a.m.19 views

CVE-2026-5084

WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand function. The rand function is passed a maximum value based on the process id, the epoch time and the referen...

6.5CVSS0.00304EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.6 views

CTEK Chargeportal 代码问题漏洞

CTEK Chargeportal is an electric vehicle charging management platform developed by the Swedish company CTEK. CTEK Chargeportal has code-related vulnerabilities; these vulnerabilities stem from the predictable nature of session identifiers and the ability for multiple endpoints to use the same...

7.3CVSS5.8AI score0.00328EPSS
Exploits0References3
OSV
OSV
added 2026/03/07 1:15 a.m.13 views

CVE-2026-25072

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...

9.8CVSS5.8AI score0.00495EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/07 12:20 a.m.36 views

CVE-2026-25072 XikeStor SKS8310-8X Predictable Session Identifiers

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...

8.6CVSS0.00495EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/07 12:20 a.m.2 views

CVE-2026-25072 XikeStor SKS8310-8X Predictable Session Identifiers

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...

8.6CVSS5.8AI score0.00495EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.8 views

PT-2026-23711

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3CVSS5.8AI score0.00252EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.11 views

ePower 代码问题漏洞

ePower is an electric vehicle charging station system owned by the Irish company ePower. ePower has a code vulnerability that stems from the predictable nature of session identifiers and the ability for multiple endpoints to use the same identifier to connect, which may lead to session hijacking ...

8.6CVSS5.8AI score0.00386EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.10 views

Plack::Middleware::Session::Simple 安全漏洞

Plack::Middleware::Session::Simple is a lightweight session management middleware developed by Masahiro Nagano. Versions of Plack::Middleware::Session::Simple prior to 0.04 contained security vulnerabilities, which stemmed from the use of insecure random number generators for generating session...

9.8CVSS5.8AI score0.00433EPSS
Exploits0References6
CVE
CVE
added 2026/02/26 11:33 p.m.18 views

CVE-2025-40932

Apache::SessionX for Perl up to version 2.01 uses a default MD5-based session-id generator that seeds the MD5 with the built-in rand(), the epoch time, and the PID. This yields predictable, low-entropy session identifiers because rand() is not cryptographically secure and the epoch/PID have limit...

8.2CVSS5.5AI score0.002EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.9 views

PT-2026-22228

Name of the Vulnerable Software and Affected Versions Apache::SessionX versions through 2.01 Description Apache::SessionX generates session IDs insecurely. The default session ID generator returns an MD5 hash seeded with the built-in rand function, the epoch time, and the process ID PID. The PID...

8.2CVSS5.9AI score0.002EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/25 4:16 p.m.6 views

CVE-2026-27515

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...

9.3CVSS5.4AI score0.00321EPSS
Exploits0References1
NVD
NVD
added 2026/02/24 4:24 p.m.21 views

CVE-2026-27515

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...

9.3CVSS0.00321EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/24 3:4 p.m.3 views

CVE-2026-27515 Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...

9.3CVSS5.9AI score0.00321EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.9 views

Binardat 10G08-0800GSM 安全特征问题漏洞

Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The previous versions of Binardat 10G08-0800GSM Network SwitchV300SP10260209 had security feature vulnerabilities. These vulnerabilities stemmed from the use of the Web management interface to generate...

9.3CVSS5.8AI score0.00321EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-4091

Malware in sbrugna...

7.5CVSS6.4AI score0.01714EPSS
Exploits0References8
Rows per page
Query Builder