CWE-340
40 CVEs classified under CWE-340. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-5081 | Critical | 9.1 | 2026-05-06 | Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId (added in ver… |
| CVE-2024-7558 | High | 8.7 | 2024-10-02 | JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the… |
| CVE-2026-4269 | High | 7.5 | 2026-03-16 | A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build pr… |
| CVE-2024-52299 | High | 7.5 | 2024-11-13 | macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in th… |
| CVE-2026-8503 | Medium | 6.5 | 2026-05-15 | Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecur… |
| CVE-2026-5084 | Medium | 6.5 | 2026-05-11 | WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded wit… |
| CVE-2025-13044 | Medium | 6.2 | 2026-04-07 | IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2026-5080 | Medium | 5.9 | 2026-04-30 | Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints… |
| CVE-2025-59452 | Medium | 5.8 | 2025-10-06 | The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, su… |
| CVE-2025-0218 | Medium | 5.5 | 2025-01-07 | When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficient… |
| CVE-2025-58424 | Medium | 5.3 | 2025-10-15 | On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection… |
| CVE-2024-12034 | Medium | 5.3 | 2024-12-24 | The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not uti… |
| CVE-2021-29480 | Medium | 4.4 | 2021-06-29 | Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing… |
| CVE-2025-3449 | Medium | 4.2 | 2025-10-07 | A Generation of Predictable Numbers or Identifiers vulnerability in the SDM component of B&R Automation Runtime versions before 6.4 may allow an unauthenticate… |
| CVE-2026-40496 | | | 2026-04-21 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable f… |
| CVE-2026-5085 | | | 2026-04-13 | Solstice::Session versions through 1440 for Perl generates session ids insecurely. The _generateSessionID method returns an MD5 digest seeded by the epoch tim… |
| CVE-2026-5083 | | | 2026-04-08 | Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand func… |
| CVE-2026-5082 | | | 2026-04-08 | Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generate_session_id function will attempt to re… |
| CVE-2026-28810 | | | 2026-04-07 | Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS r… |
| CVE-2026-3256 | | | 2026-03-28 | HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to ge… |