Lucene search
+L

448 matches found

nvd
nvd
added 2026/03/06 12:16 a.m.11 views

CVE-2026-24912

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

8.6CVSS0.00386EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/03/06 12:0 a.m.8 views

Mobiliti 代码问题漏洞

Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a code vulnerability that arises from using charging station identifiers to associate sessions, but allowing multiple endpoints to use the same session identifier for connection. This...

8.6CVSS5.8AI score0.00295EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/03/06 12:0 a.m.10 views

PT-2026-23711

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3CVSS5.8AI score0.00252EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/03/06 12:0 a.m.19 views

Everon 代码问题漏洞

Everon is an electric vehicle charging station system developed by Everon Corporation. There are code vulnerabilities in Everon, which stem from the WebSocket backend’s use of predictable session identifiers. These vulnerabilities may lead to session hijacking or shadow attacks, ultimately...

8.6CVSS5.9AI score0.00252EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/03/06 12:0 a.m.13 views

ePower 代码问题漏洞

ePower is an electric vehicle charging station system owned by the Irish company ePower. ePower has a code vulnerability that stems from the predictable nature of session identifiers and the ability for multiple endpoints to use the same identifier to connect, which may lead to session hijacking ...

8.6CVSS5.8AI score0.00386EPSS
Exploits0References3
cve
cve
added 2026/03/05 11:38 p.m.24 views

CVE-2026-24912

CVE-2026-24912 affects ePower epower.ie WebSocket backend used for charging stations. The backend associates sessions by station identifiers, but allows multiple endpoints to use the same session identifier, producing predictable session IDs. This enables session hijacking/shadowing where a newer...

8.6CVSS6AI score0.00386EPSS
Exploits0References3Affected Software1
susecve
susecve
added 2026/03/05 2:3 p.m.7 views

SUSE CVE-2025-40926

Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be...

9.8CVSS5.7AI score0.00433EPSS
Exploits0References3
debiancve
debiancve
added 2026/03/05 1:41 a.m.8 views

CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

9.1CVSS5.3AI score0.00583EPSS
Exploits0
vulnrichment
vulnrichment
added 2026/03/05 1:41 a.m.6 views

CVE-2025-40931 Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

5.8AI score0.00583EPSS
Exploits0References9
ubuntucve
ubuntucve
added 2026/03/05 12:0 a.m.7 views

CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

9.1CVSS5.8AI score0.00583EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/03/05 12:0 a.m.12 views

Plack::Middleware::Session::Simple 安全漏洞

Plack::Middleware::Session::Simple is a lightweight session management middleware developed by Masahiro Nagano. Versions of Plack::Middleware::Session::Simple prior to 0.04 contained security vulnerabilities, which stemmed from the use of insecure random number generators for generating session...

9.8CVSS5.8AI score0.00433EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/03/05 12:0 a.m.11 views

PT-2026-23581

Name of the Vulnerable Software and Affected Versions Versions affected versions not specified Description The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This results in predictable...

7.3CVSS5.8AI score0.00386EPSS
Exploits0References6
nessus
nessus
added 2026/03/01 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2025-40932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator ...

8.2CVSS5.5AI score0.002EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/02/28 1:55 a.m.6 views

CVE-2026-25778

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.5CVSS6AI score0.00313EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/02/28 1:55 a.m.6 views

CVE-2026-25711

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.5CVSS6AI score0.00324EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/02/28 1:55 a.m.5 views

CVE-2026-27652

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.5CVSS6AI score0.00313EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/02/28 1:54 a.m.6 views

CVE-2026-26290

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

9.8CVSS6AI score0.00336EPSS
Exploits0References1
euvd
euvd
added 2026/02/27 9:31 p.m.6 views

EUVD-2026-9045

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...

9.8CVSS5.9AI score0.00402EPSS
Exploits0References3
nvd
nvd
added 2026/02/27 7:16 p.m.11 views

CVE-2026-27755

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...

9.8CVSS0.00402EPSS
Exploits0References2
osv
osv
added 2026/02/27 7:16 p.m.3 views

CVE-2026-27755

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...

9.8CVSS5.8AI score0.00402EPSS
Exploits0References2
Rows per page
Query Builder