Lucene search
K

434 matches found

EUVD
EUVD
added 2026/04/08 6:31 a.m.9 views

EUVD-2026-20060

Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generatesessionid function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand...

9.8CVSS5.9AI score0.00521EPSS
Exploits0References4
NVD
NVD
added 2026/04/08 6:16 a.m.10 views

CVE-2026-5083

Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked fr...

5.3CVSS0.00428EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/08 5:53 a.m.23 views

CVE-2026-5083 Ado::Sessions versions through 0.935 for Perl generates insecure session ids

Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked fr...

0.00428EPSS
Exploits0References3
CVE
CVE
added 2026/04/08 5:53 a.m.16 views

CVE-2026-5083

CVE-2026-5083 affects the Perl module Ado::Sessions up to version 0.935. The vulnerability stems from generating session IDs with a SHA-1 hash seeded by the built-in rand() function, the epoch time, and the PID. The PID comes from a small set of numbers, and the epoch time may be guessed if not l...

5.3CVSS5.8AI score0.00428EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/08 5:48 a.m.21 views

CVE-2026-5082 Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id

Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generatesessionid function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand...

0.00405EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.13 views

PT-2026-31088

Name of the Vulnerable Software and Affected Versions Ado::Sessions versions through 0.935 Description The Ado::Sessions Perl module generates insecure session IDs. The session ID is created using a SHA-1 hash seeded with the built-in rand function, the epoch time, and the process ID PID. The PID...

5.3CVSS5.8AI score0.00428EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

Ado::Sessions 安全漏洞

Ado::Sessions is a lightweight Perl-based web application development framework developed by. Versions of Ado::Sessions prior to 0.935 contained security vulnerabilities; these vulnerabilities stemmed from the generation of insecure session IDs, which could lead to session hijacking...

5.3CVSS5.8AI score0.00428EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

Amon2::Plugin::Web::CSRFDefender 安全漏洞

Amon2::Plugin::Web::CSRFDefender is a web security plugin developed by TOKUHIROM as an individual developer. There are security vulnerabilities in versions 7.00 to 7.03 of Amon2::Plugin::Web::CSRFDefender. These vulnerabilities stem from the generation of insecure session IDs, which may lead to...

9.8CVSS5.8AI score0.00521EPSS
Exploits0References3
NVD
NVD
added 2026/04/06 10:16 p.m.7 views

CVE-2026-35449

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagnostic script has its CLI-only access guard disabled by commenting out the die statement. The script remains accessible via HTTP after installation, exposing video viewer statistics including IP...

5.3CVSS0.00332EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:46 p.m.3 views

CVE-2026-35449

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagnostic script has its CLI-only access guard disabled by commenting out the die statement. The script remains accessible via HTTP after installation, exposing video viewer statistics including IP...

5.3CVSS5.9AI score0.00332EPSS
Exploits1References2Affected Software1
GithubExploit
GithubExploit
added 2026/03/31 4:23 p.m.140 views

Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller

🔍 CVE-2026-3055 Scanner - NetScaler Memory Overread Detection...

9.8CVSS5.8AI score0.83996EPSS
Exploits7
RedhatCVE
RedhatCVE
added 2026/03/30 10:54 a.m.5 views

CVE-2026-3256

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...

9.8CVSS5.8AI score0.0053EPSS
Exploits0References1
NVD
NVD
added 2026/03/28 7:16 p.m.8 views

CVE-2026-3256

HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come...

9.8CVSS0.0053EPSS
Exploits0References5
CVE
CVE
added 2026/03/28 6:52 p.m.15 views

CVE-2026-3256

The CVE-2026-3256 issue affects the HTTP::Session Perl module (versions through 0.53). The root cause is insecure session ID generation: HTTP::Session::ID::SHA1 creates IDs by hashing a seed composed of the built-in rand() value, high-resolution epoch time, and the process ID. The PID comes from ...

9.8CVSS5.8AI score0.0053EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/03/28 6:43 p.m.25 views

CVE-2025-15604

Summary (CVE-2025-15604) Amon2 for Perl with vulnerable random_string implementation affects versions before 6.17. In 6.06–6.16, random_string reads /dev/urandom if available; if not, it falls back to a SHA-1 hash seeded with rand(), the PID, and the high-resolution epoch time. The epoch time can...

9.8CVSS5.8AI score0.00521EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.9 views

WWBN AVideo 授权问题漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained vulnerabilities related to authorization issues. These vulnerabilities stemmed from fixed session IDs and bypasses of session regeneration, which could lead ...

7.3CVSS5.8AI score0.00296EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.5 views

PT-2026-26467

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...

6.5CVSS5.8AI score0.00393EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/07 12:20 a.m.16 views

CVE-2026-25072

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...

8.6CVSS5.8AI score0.00495EPSS
Exploits0References3
NVD
NVD
added 2026/03/06 4:16 p.m.13 views

CVE-2026-27764

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

8.6CVSS0.00295EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/06 7:55 a.m.8 views

CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

9.1CVSS5.8AI score0.00583EPSS
Exploits0References1
Rows per page
Query Builder