20 matches found

RedhatCVE
added 2026/03/01 1:43 a.m., 1 view

CVE-2026-3255

HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

6.5 CVSS, 5.9 AI score, 0.00019 EPSS
Exploits 0, References 1
EUVD
added 2026/02/27 9:31 p.m., 4 views

EUVD-2026-9063

HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

5.9 AI score, 0.00019 EPSS
Exploits 0, References 5
OSV
added 2026/02/27 8:21 p.m., 2 views

CVE-2026-3255

HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

6.5 CVSS, 5.9 AI score
Exploits 0, References 5
Cvelist
added 2026/02/27 8:12 p.m., 20 views

CVE-2026-3255 HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function

HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

0.00019 EPSS
Exploits 0, References 4
ATTACKERKB
added 2026/02/27 8:12 p.m., 2 views

CVE-2026-3255

HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

6.5 CVSS, 5.9 AI score, 0.00019 EPSS
Exploits 0, References 5
CNNVD
added 2026/02/27 12:00 a.m., 3 views

HTTP::Session2 security vulnerability

HTTP::Session2 is a Perl package developed by Tokuhiro Matsuno. Versions of HTTP::Session2 prior to version 1.12 contained security vulnerabilities. These vulnerabilities stemmed from the use of the rand function to generate weak session IDs, which could lead to the prediction of session IDs...

6.5 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits 0, References 6
NVD
added 2026/01/06 4:15 p.m., 6 views

CVE-2020-36925

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...

9.8 CVSS, 0.00609 EPSS
Exploits 1, References 8
Positive Technologies
added 2026/01/06 12:00 a.m., 4 views

PT-2026-1458

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...

9.8 CVSS, 6.7 AI score, 0.00609 EPSS
Exploits 1, References 9
OSV
added 2023/03/31 5:15 p.m., 2 views

DEBIAN-CVE-2023-28862

An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an...

9.8 CVSS, 8.6 AI score, 0.00075 EPSS
Exploits 1, References 1
OSV
added 2020/02/06 4:15 p.m., 3 views

CVE-2014-2875

The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID...

6.1 CVSS, 6.8 AI score
Exploits 0, References 4
NVD
added 2020/02/06 4:15 p.m., 12 views

CVE-2014-2875

The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID...

6.1 CVSS, 6.2 AI score, 0.00573 EPSS
Exploits 0, References 3
Cvelist
added 2020/02/06 3:26 p.m., 13 views

CVE-2014-2875

The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID...

6.2 AI score, 0.00573 EPSS
Exploits 0, References 3
CVE
added 2020/02/06 3:26 p.m., 42 views

CVE-2014-2875

CVE-2014-2875 refers to the session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2, which uses weak session IDs generated from OS time. This allows remote attackers to hijack arbitrary sessions via brute-force guessing. The issue is documented as a split from CVE-2014-10399 and CVE-2014-10400....

6.1 CVSS, 6.1 AI score, 0.00573 EPSS
Exploits 0, References 3, Affected Software 1
Debian CVE
added 2020/02/06 3:26 p.m., 12 views

CVE-2014-2875

The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID...

6.1 CVSS, 6.2 AI score, 0.00573 EPSS
Exploits 0
Tenable Nessus
added 2015/10/08 12:00 a.m., 25 views

OrientDB < 2.0.7 / 2.1.0 Weak Session IDs

The version of OrientDB running on the remote host is prior to 2.0.7 or 2.1.0. It is, therefore, affected by a weak session ID flaw due to usage of the Java library java.util.Random. An unauthenticated, remote attacker can exploit this to predict session IDs to facilitate brute-force attacks. Som...

5.9 CVSS, 6.7 AI score, 0.00497 EPSS
Exploits 0, References 1
securityvulns
added 2010/11/18 12:00 a.m., 51 views

Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038

Matta Consulting - Matta Advisory http://www.trustmatta.com Cisco Unified Videoconferencing multiple vulnerabilities Advisory ID: MATTA-2010-001 CVE reference: CVE-2010-3037 CVE-2010-3038 Affected platforms: Cisco Unified Videoconferencing 3515,3522,3527,5230,3545, 5110,5115 Systems and unspecifi...

10 CVSS, 0.1 AI score, 0.02295 EPSS
Exploits 0
Tenable Nessus
added 2010/02/24 12:00 a.m., 19 views

Debian DSA-1994-1 : ajaxterm - weak session IDs

It was discovered that Ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses Ajaxterm. (C) Tenable Network Security, Inc. The descriptive text and package chec...

6.8 CVSS, 5.3 AI score, 0.00989 EPSS
Exploits 1, References 2
OpenVAS
added 2010/02/18 12:00 a.m., 16 views

Debian Security Advisory DSA 1994-1 (ajaxterm)

The remote host is missing an update to ajaxterm announced via advisory DSA 1994-1. OpenVAS Vulnerability Test $Id: deb19941.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 1994-1 ajaxterm Authors: Thomas Reinke Copyright: Copyright (c) 2010 E-Soft Inc...

6.8 CVSS, 6.5 AI score, 0.00989 EPSS
Exploits 1
Debian
added 2010/02/11 6:47 p.m., 22 views

[SECURITY] [DSA 1994-1] New ajaxterm packages fix session hijacking

Debian Security Advisory DSA-1994-1 [email protected] http://www.debian.org/security/ Raphael Geissert February 11, 2010 http://www.debian.org/security/faq ...

6.8 CVSS, 6.2 AI score, 0.00989 EPSS
Exploits 1
OSV
added 2010/02/11 12:00 a.m., 7 views

DSA-1994-1 ajaxterm - session hijacking

Bulletin has no description...

6.8 CVSS, 6.3 AI score, 0.00989 EPSS
Exploits 1