4 matches found
PT-2026-50778
Name of the Vulnerable Software and Affected Versions: Mojolicious::Sessions::Storable versions prior to 0.06
Description: The software generates session IDs insecurely. The default session ID generator utilizes a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address o...
CVE-2025-40926
Summary of vulnerability (CVE-2025-40926): Plack::Middleware::Session::Simple for Perl versions before 0.05 generates session IDs insecurely. The default generator uses a SHA-1 hash seeded with the built-in rand() function, the epoch time, and the process ID (PID). The PID comes from a small set...
CVE-2025-15578: Maypole versions from 2.10 through 2.13 for Perl generate session IDs insecurely
Maypole versions from 2.10 through 2.13 for Perl generate session IDs insecurely. The session ID is seeded with the system time, which is available from HTTP response headers, a call to the built-in rand function, and the PID...
PHP 32-bit weak random seed
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions an...