Lucene search
K

431 matches found

CNNVD
CNNVD
added 2026/02/27 12:0 a.m.8 views

EV2GO 代码问题漏洞

EV2GO is a electric vehicle charging facility management platform developed by the Russian company EV2GO. EV2GO has code-related vulnerabilities; these vulnerabilities stem from the predictable WebSocket backend session identifiers, which allow multiple endpoints to use the same session identifie...

7.5CVSS5.8AI score0.00356EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.7 views

HTTP::Session2 安全漏洞

HTTP::Session2 is a Perl package developed by Tokuhiro Matsuno. Versions of HTTP::Session2 prior to version 1.12 contained security vulnerabilities. These vulnerabilities stemmed from the use of the rand function to generate weak session IDs, which could lead to the prediction of session IDs...

6.5CVSS5.8AI score0.00418EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/26 11:33 p.m.2 views

CVE-2025-40932 Apache::SessionX versions through 2.01 for Perl create insecure session id

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

5.9AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2026/02/24 4:24 p.m.3 views

CVE-2026-27515

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...

9.1CVSS5.8AI score0.00321EPSS
Exploits0References2
NVD
NVD
added 2026/02/16 10:22 p.m.5 views

CVE-2026-2439

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...

9.8CVSS0.00403EPSS
Exploits0References5
NVD
NVD
added 2026/02/16 10:22 p.m.8 views

CVE-2025-15578

Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time which is available from HTTP response headers, a call to the built-in rand function, and the PID...

9.8CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/16 9:25 p.m.28 views

CVE-2026-2439 Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...

0.00403EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/16 9:18 p.m.6 views

CVE-2025-15578 Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely

Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time which is available from HTTP response headers, a call to the built-in rand function, and the PID...

5.5AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/16 9:18 p.m.26 views

CVE-2025-15578 Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely

Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time which is available from HTTP response headers, a call to the built-in rand function, and the PID...

0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.10 views

PT-2026-8387

Name of the Vulnerable Software and Affected Versions Concierge::Sessions versions 0.8.1 through 0.8.4 Description The generate session id function within Concierge::Sessions::Base defaults to insecure methods for generating session identifiers. Specifically, it uses the uuidgen command, which ma...

9.8CVSS5.4AI score0.00403EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/01/09 10:58 a.m.8 views

CVE-2025-40925

Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch...

9.1CVSS6.9AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:44 a.m.22 views

CVE-2022-33175

Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...

9.8CVSS6.9AI score0.01696EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:37 a.m.5 views

CVE-1999-0699

The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs...

7.5CVSS7AI score0.01144EPSS
Exploits0References1
NVD
NVD
added 2026/01/06 4:15 p.m.11 views

CVE-2020-36925

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...

9.8CVSS0.00595EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.14 views

PT-2026-1458

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...

9.8CVSS6.7AI score0.00595EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/10/30 6:4 p.m.4 views

CVE-2025-64100

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage CKAN uses cookie-based session storage by default. The attacker would need to...

6.1CVSS6.6AI score0.00269EPSS
Exploits0References1
OSV
OSV
added 2025/10/30 3:2 p.m.5 views

GO-2025-4055 Mattermost Server's Session ID and Session Token are potentially compromised in github.com/mattermost/mattermost-server

Mattermost Server's Session ID and Session Token are potentially compromised in github.com/mattermost/mattermost-server...

6.5CVSS7AI score0.00722EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/28 3:30 p.m.4 views

EUVD-2025-36502

A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...

6CVSS5.9AI score0.00128EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2001-1265

Malware in sbrugna...

7.5CVSS6.4AI score0.02238EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-2899

Malware in sbrugna...

6.1CVSS6.1AI score0.01631EPSS
Exploits0References4
Rows per page
Query Builder