Lucene search
K

431 matches found

EUVD
EUVD
added 2026/03/05 3:31 a.m.6 views

EUVD-2025-208297

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

9.1CVSS5.9AI score0.00583EPSS
Exploits0References3
CVE
CVE
added 2026/03/05 1:24 a.m.12 views

CVE-2025-40926

Summary of vulnerability (CVE-2025-40926) : Plack::Middleware::Session::Simple for Perl versions before 0.05 generates session IDs insecurely. The default generator uses a SHA-1 hash seeded with the built-in rand() function, the epoch time, and the process ID (PID). The PID comes from a small set...

9.8CVSS5.7AI score0.00433EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

Apache::Session::Generate::MD5 安全漏洞

Apache::Session::Generate::MD5 is a session management module provided by the Apache Foundation. Versions of Apache::Session::Generate::MD5 prior to 1.94 contained security vulnerabilities. These vulnerabilities stemmed from the use of insecure random number generators for generating session IDs,...

9.1CVSS5.8AI score0.00583EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.5 views

PT-2026-23117

Name of the Vulnerable Software and Affected Versions Plack::Middleware::Session::Simple versions through 0.04 Description The software generates session IDs insecurely. The default session ID generator uses a SHA-1 hash seeded with the built-in rand function, the epoch time, and the process ID...

9.8CVSS5.8AI score0.00433EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.12 views

PT-2026-23118

Name of the Vulnerable Software and Affected Versions Apache::Session::Generate::MD5 versions through 1.94 Description The software generates session IDs insecurely. The default session ID generator uses an MD5 hash seeded with the built-in rand function, the epoch time, and the process ID PID. T...

9.1CVSS5.7AI score0.00583EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2026/03/02 12:28 a.m.8 views

SUSE CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.7AI score0.002EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/01 1:43 a.m.5 views

CVE-2026-3255

HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

6.5CVSS5.9AI score0.00418EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/01 1:43 a.m.5 views

CVE-2018-25160

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...

6.5CVSS6.1AI score0.00404EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/28 1:56 a.m.4 views

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.9AI score0.002EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/27 9:31 p.m.8 views

EUVD-2026-9063

HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

5.9AI score0.00418EPSS
Exploits0References5
OSV
OSV
added 2026/02/27 8:21 p.m.6 views

CVE-2026-3255

HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

6.5CVSS5.9AI score
Exploits0References5
Cvelist
Cvelist
added 2026/02/27 8:12 p.m.24 views

CVE-2026-3255 HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function

HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

0.00418EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/27 8:12 p.m.4 views

CVE-2026-3255 HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function

HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

5.9AI score0.00418EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/27 8:12 p.m.4 views

CVE-2026-3255

HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

6.5CVSS5.9AI score0.00418EPSS
Exploits0References5
NVD
NVD
added 2026/02/27 1:16 a.m.10 views

CVE-2026-26290

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

9.8CVSS0.00336EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/27 12:31 a.m.6 views

EUVD-2025-208124

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.5AI score0.002EPSS
Exploits0References2
OSV
OSV
added 2026/02/27 12:16 a.m.4 views

DEBIAN-CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.3AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2026/02/27 12:16 a.m.8 views

UBUNTU-CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.8AI score0.002EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

Apache::SessionX 安全漏洞

Apache::SessionX is a session management module developed by GRICHTER’s individual developers. Versions of Apache::SessionX 2.01 and earlier contained security vulnerabilities, which stemmed from the unsafe creation of session IDs. This could lead to unauthorized system access...

8.2CVSS5.8AI score0.002EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/27 12:0 a.m.5 views

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.8AI score0.002EPSS
Exploits0References3
Rows per page
Query Builder