431 matches found
EV2GO 代码问题漏洞
EV2GO is a electric vehicle charging facility management platform developed by the Russian company EV2GO. EV2GO has code-related vulnerabilities; these vulnerabilities stem from the predictable WebSocket backend session identifiers, which allow multiple endpoints to use the same session identifie...
HTTP::Session2 安全漏洞
HTTP::Session2 is a Perl package developed by Tokuhiro Matsuno. Versions of HTTP::Session2 prior to version 1.12 contained security vulnerabilities. These vulnerabilities stemmed from the use of the rand function to generate weak session IDs, which could lead to the prediction of session IDs...
CVE-2025-40932 Apache::SessionX versions through 2.01 for Perl create insecure session id
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...
CVE-2026-27515
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...
CVE-2026-2439
Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...
CVE-2025-15578
Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time which is available from HTTP response headers, a call to the built-in rand function, and the PID...
CVE-2026-2439 Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids
Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...
CVE-2025-15578 Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely
Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time which is available from HTTP response headers, a call to the built-in rand function, and the PID...
CVE-2025-15578 Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely
Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time which is available from HTTP response headers, a call to the built-in rand function, and the PID...
PT-2026-8387
Name of the Vulnerable Software and Affected Versions Concierge::Sessions versions 0.8.1 through 0.8.4 Description The generate session id function within Concierge::Sessions::Base defaults to insecure methods for generating session identifiers. Specifically, it uses the uuidgen command, which ma...
CVE-2025-40925
Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch...
CVE-2022-33175
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...
CVE-1999-0699
The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs...
CVE-2020-36925
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...
PT-2026-1458
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...
CVE-2025-64100
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage CKAN uses cookie-based session storage by default. The attacker would need to...
GO-2025-4055 Mattermost Server's Session ID and Session Token are potentially compromised in github.com/mattermost/mattermost-server
Mattermost Server's Session ID and Session Token are potentially compromised in github.com/mattermost/mattermost-server...
EUVD-2025-36502
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...
EUVD-2001-1265
Malware in sbrugna...
EUVD-2014-2899
Malware in sbrugna...