Lucene search
K

176 matches found

EUVD
EUVD
added 2026/04/13 9:31 a.m.11 views

EUVD-2026-21885

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

9.1CVSS5.7AI score0.00339EPSS
Exploits0References4
NVD
NVD
added 2026/04/13 7:16 a.m.6 views

CVE-2026-5085

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

9.1CVSS0.00339EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/13 6:56 a.m.2 views

CVE-2026-5085 Solstice::Session versions through 1440 for Perl generates session ids insecurely

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

5.7AI score0.00339EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/13 6:56 a.m.27 views

CVE-2026-5085 Solstice::Session versions through 1440 for Perl generates session ids insecurely

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

0.00339EPSS
Exploits0References3
CVE
CVE
added 2026/04/13 6:56 a.m.14 views

CVE-2026-5085

CVE-2026-5085 affects Solstice::Session (Perl) versions through 1440. The root cause is insecure session ID generation in _generateSessionID (and _generateID in Solstice::Subsession), which uses an MD5 digest seeded by the epoch time, a random hash reference, the built-in rand() (seeded with 16 b...

9.1CVSS5.7AI score0.00339EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:56 a.m.3 views

CVE-2026-5085

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

5.7AI score0.00339EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.6 views

Solstice::Session 安全漏洞

Solstice::Session is a server-side session component developed by MCRAWFOR’s developers, used to manage user sessions and request states. Versions of Solstice::Session prior to 1440 contained security vulnerabilities, which stemmed from insecure session ID generation, potentially allowing attacke...

9.1CVSS5.8AI score0.00339EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/14 8:51 p.m.7 views

CVE-2025-66573

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

7.5CVSS6.8AI score0.00275EPSS
Exploits1References1
OSV
OSV
added 2025/12/04 9:16 p.m.4 views

CVE-2025-66573

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

7.5CVSS5.8AI score0.00275EPSS
Exploits1References4
NVD
NVD
added 2025/12/04 9:16 p.m.13 views

CVE-2025-66573

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

7.5CVSS0.00275EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/04 8:45 p.m.9 views

CVE-2025-66573 Solstice Pod API Session Key Extraction via API Endpoint

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

6.9CVSS6.4AI score0.00275EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/04 8:45 p.m.21 views

CVE-2025-66573 Solstice Pod API Session Key Extraction via API Endpoint

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

6.9CVSS0.00275EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2025/12/04 8:45 p.m.5 views

CVE-2025-66573

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

7.5CVSS5.8AI score0.00275EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/12/04 8:45 p.m.17 views

CVE-2025-66573

Solstice Pod API exposure: Versions 5.5 and 6.2 include an unauthenticated /api/config endpoint that can disclose sensitive live-session data (session key, server version, product details, display name) to any user. This information exposure is documented across multiple sources (NVD/Red Hat/CVE ...

7.5CVSS6.4AI score0.00275EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.9 views

Mersive Solstice Pod API 安全漏洞

The Mersive Solstice Pod API is an application programming interface from Mersive USA. A security vulnerability exists in Mersive Solstice Pod API versions 5.5 and 6.2, which originates from an unauthenticated api/config endpoint that exposes sensitive information, potentially leading to session...

7.5CVSS6.5AI score0.00275EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-1999-1407

Malware in sbrugna...

6.2CVSS6.4AI score0.0028EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2000-0068

Malware in sbrugna...

2.1CVSS6.4AI score0.00387EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-23250

Malware in sbrugna...

5.9CVSS6AI score0.00752EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-20033

Malware in sbrugna...

7.5CVSS7.5AI score0.02008EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-23251

Malware in sbrugna...

7.5CVSS7.5AI score0.01352EPSS
Exploits1References4
Rows per page
Query Builder