Lucene search
+L

151 matches found

CVE
CVE
added 2025/10/07 6:21 p.m.11 views

CVE-2025-3449

The CVE-2025-3449 issue affects the SDM component of B&R Automation Runtime, before version 6.4. Root cause: generation of predictable numbers/identifiers that can be exploited by an unauthenticated, network-based attacker. Impact: potential takeover of already established sessions. Documented in...

4.2CVSS6.6AI score0.00185EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/07 6:21 p.m.10 views

CVE-2025-3449 Weak Session Token used in Automation Runtime SDM

A Generation of Predictable Numbers or Identifiers vulnerability in the SDM component of B&R Automation Runtime versions before 6.4 may allow an unauthenticated network-based attacker to take over already established sessions...

4.2CVSS0.00185EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-3223

Malware in sbrugna...

7.5CVSS6.4AI score0.02344EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-27739

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE...

9.8CVSS7.1AI score0.01814EPSS
Exploits1References2
CVE
CVE
added 2025/06/24 2:2 a.m.32 views

CVE-2025-48461

CVE-2025-48461 involves weak, predictable session cookies that enable an unauthenticated attacker to perform brute‑force guessing and account takeover, potentially gaining root/admin/user access and resetting passwords. Connected sources reference affected Advantech industrial controllers (WISE-4...

5CVSS5.4AI score0.0043EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/06/23 12:0 a.m.6 views

NCR Atleos Terminal Handler 安全漏洞

NCR Atleos Terminal Handler is an ATM enterprise software solution from NCR Atleos that reduces costs, improves business agility and increases your competitive advantage. A security vulnerability exists in NCR Atleos Terminal Handler version 1.5.1 that stems from insufficient session cookie...

8.1CVSS6.8AI score0.0029EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 3:25 p.m.9 views

CVE-2020-27739

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

9.8CVSS7.1AI score0.01814EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:9 p.m.6 views

CVE-2020-11728

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...

7.5CVSS6.7AI score0.01588EPSS
Exploits0References1
OSV
OSV
added 2025/05/03 11:15 a.m.9 views

AZL-61741 CVE-2024-58135 affecting package perl-Mojolicious 8.57-3

Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and...

5.3CVSS5.8AI score0.00473EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2025/05/03 11:15 a.m.6 views

CVE-2024-58135

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

5.3CVSS6.3AI score0.00473EPSS
Exploits1References14Affected Software1
OSV
OSV
added 2025/05/03 11:15 a.m.3 views

DEBIAN-CVE-2024-58135

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

5.3CVSS6.3AI score0.00473EPSS
Exploits1References1
CVE
CVE
added 2025/05/03 10:16 a.m.91 views

CVE-2024-58135

Mojolicious (Perl) vulnerability CVE-2024-58135: default app skeleton generation using mojo generate app writes a weak HMAC session secret via the insecure rand() function, enabling potential brute-forcing of session keys. Affected: Mojolicious versions from 7.28 for Perl (and related 0.999922–9....

5.3CVSS6.3AI score0.00473EPSS
Exploits1References13Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/03 10:16 a.m.13 views

CVE-2024-58135 Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

6.3AI score0.00473EPSS
Exploits1References13
CNNVD
CNNVD
added 2025/05/03 12:0 a.m.7 views

Mojolicious 安全漏洞

Mojolicious is Mojolicious open source Perl-based real-time web framework. A security vulnerability exists in Mojolicious 9.39 and earlier versions, which stems from the use of an insecure rand function to generate weak HMAC session keys, which could lead to brute-force breaking of session keys...

5.3CVSS6.2AI score0.00473EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.3 views

Delta Electronics COMMGR 安全漏洞

Delta Electronics COMMGR is a communication management software from Delta Electronics China. A code execution vulnerability exists in Delta Electronics COMMGR that stems from insufficient randomness in session ID generation, which can be exploited by an attacker to brute-force break the session ...

9.8CVSS7.6AI score0.00667EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/29 12:0 a.m.5 views

ABB FLXeon 安全漏洞

The ABB FLXeon is a series of controllers from ABB Switzerland. ABB FLXeon suffers from a security bypass vulnerability that stems from insufficient session management to prevent unauthorized HTTPS requests. No detailed vulnerability details are provided at this time...

9.4CVSS6.7AI score0.00888EPSS
Exploits4References2
CNNVD
CNNVD
added 2024/07/25 12:0 a.m.5 views

IBM Security Verify Directory和IBM Security Directory Integrator 代码问题漏洞

IBM Security Verify Directory and IBM Security Directory Integrator are both products of International Business Machines IBM.IBM Security Verify Directory is part of an authentication and access management solution.IBM Security Directory Integrator is an integrated development environment and...

7.5CVSS7.7AI score0.00378EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/14 12:0 a.m.7 views

PT-2024-23074

Name of the Vulnerable Software and Affected Versions Evolution Controller versions 2.04.560.31.03.2024 and below Description The Web interface of Evolution Controller uses poor session management, allowing an unauthenticated attacker to access administrator functionality if any other user is...

9.8CVSS6.6AI score0.00583EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/01/26 12:0 a.m.5 views

Totolink N350RT 代码问题漏洞

The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT suffers from a session hijacking vulnerability, which is caused by insufficient session expiration in the /cgi-bin/cstecgi.cgi script. An attacker could use this vulnerability to access other...

5.3CVSS6.7AI score0.00591EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/01/17 12:0 a.m.17 views

Dell iDRAC6 Improperly Implemented Security Check for Standard (CVE-2018-1243)

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers t...

7.5CVSS7.6AI score0.01818EPSS
Exploits0References2
Rows per page
Query Builder