83899 matches found
CVE-2025-40931
Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...
PT-2026-23118
Name of the Vulnerable Software and Affected Versions Apache::Session::Generate::MD5 versions through 1.94 Description The software generates session IDs insecurely. The default session ID generator uses an MD5 hash seeded with the built-in rand function, the epoch time, and the process ID PID. T...
Net::NSCA::Client 安全漏洞
Net::NSCA::Client is a Perl library developed by DOUGDUDE’s individual developer. Versions of Net::NSCA::Client 0.009002 and earlier contain security vulnerabilities, which stem from the use of insecure random number generators. This could lead to the prediction of session IDs...
PT-2026-23125
Name of the Vulnerable Software and Affected Versions Net::NSCA::Client versions through 0.009002 Description Net::NSCA::Client for Perl utilizes an inadequate random number generator. Version 0.003 transitioned to using Data::Rand::Obscure instead of Crypt::Random for generating initialization...
PT-2026-23117
Name of the Vulnerable Software and Affected Versions Plack::Middleware::Session::Simple versions through 0.04 Description The software generates session IDs insecurely. The default session ID generator uses a SHA-1 hash seeded with the built-in rand function, the epoch time, and the process ID...
AegisUI: Behavioral Anomaly Detection for Structured User Interface Protocols in AI Agent Systems
AI agents that build user interfaces on the fly assembling buttons, forms, and data displays from structured protocol payloads are becoming common in production systems. The trouble is that a payload can pass every schema check and still trick a user: a button might say "View invoice" while its...
RUSTSEC-2026-0075 All-Zero Key Generation on Catastrophic RNG Failure
The libcrux-ed25519 key generation samples Ed25519 secret keys from a provided CSPRNG in a loop for up to 100 attempts until a non-zero key is found. If a non-zero key could not be sampled within 100 attempts the key generation function would silently continue with an all-zero buffer as the secre...
Breaking Bad Email Habits: Bounding the Impact of Simulated Phishing Campaigns
Simulated phishing campaigns are widely deployed, yet the behavioral data they produce is endogenous: because training is triggered by clicking, the employees receiving intervention have already demonstrated susceptibility. This endogeneity, combined with the difficulty of separating genuine habi...
SUSE CVE-2025-40932
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...
CVE-2026-3255
HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...
CVE-2025-40932
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...
EUVD-2026-9063
HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...
CVE-2026-3255
HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...
CVE-2026-3255
HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...
CVE-2026-3255
HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...
CVE-2026-2597
Crypt::SysRandom::XS versions before 0.010 for Perl is vulnerable to a heap buffer overflow in the XS function randombytes. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer wraparound,...
CVE-2025-40932
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...
CVE-2025-40932
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...
DEBIAN-CVE-2025-40932
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...
PT-2026-22392
Name of the Vulnerable Software and Affected Versions HTTP::Session2 versions prior to 1.12 Description The software may generate weak session IDs using the rand function. The session ID generator returns a SHA-1 hash seeded with the rand function, epoch time, and the process ID PID. The rand...