CVE-2024-58135 – Mojolicious Weak HMAC Session Secret Vulnerability

May 3, 2025

CVE ID : CVE-2024-58135

Published : May 3, 2025, 11:15 a.m. | 52 minutes ago

Description : Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets.

When creating a default app with the “mojo generate app” tool, a weak secret is written to the application’s configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application’s sessions. This may allow an attacker to brute force the application’s session keys.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4226 – PHPGurukul Cyber Cafe Management System SQL Injection Vulnerability

Next Article LLMs Can Now Reason in Parallel: UC Berkeley and UCSF Researchers Introduce Adaptive Parallel Reasoning to Scale Inference Efficiently Without Exceeding Context Windows

Highlights

CVE-2025-43845 – VITS Voice Changing Framework Remote Code Injection Vulnerability

May 5, 2025

CVE ID : CVE-2025-43845

Published : May 5, 2025, 6:15 p.m. | 36 minutes ago

Description : Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckpt_path2 variable takes user input (e.g. a path to a model) and passes it to change_info_ function, which opens and reads the file on the given path (except it changes the final on the path to train.log), and passes the contents of the file to eval, which can lead to remote code execution. As of time of publication, no known patches exist.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Using the Old Bean

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

Modernizing your approach to governance, risk and compliance

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

Sam Altman claims Meta is trying to poach OpenAI staffers with $100 million bonuses, but “none of our best people have decided to take them up on that”

Manipulate Image URLs in Laravel with the Image Transform Package

Manipulate Image URLs in Laravel with the Image Transform Package

How cron and Task Scheduler work in Laravel

Laravel: Import Very Large CSV With Jobs and Queues

FOSS Weekly #25.25: Nitrux Hyprland, Joplin Tips, Denmark Ditching Microsoft, Tiling Moves and More Linux Stuff

FOSS Weekly #25.25: Nitrux Hyprland, Joplin Tips, Denmark Ditching Microsoft, Tiling Moves and More Linux Stuff

BrosTrend 5 Port 2.5GB Switch Review

Cuneo is a widget-like calculator and conversion tool

CVE-2024-58135 – Mojolicious Weak HMAC Session Secret Vulnerability

CVE-2005-2347 – CVE-2022-1234: Apache Struts XML Entity Expansion (XXE) Vulnerability

CVE-2025-32896 – Apache SeaTunnel Unauthenticated Arbitrary File Read and Deserialization Vulnerability

Track Moon Phases From Your Ubuntu Desktop With Luna

CVE-2025-4010: ONEKEY Uncovers Critical Remote Code Execution Flaw in Netcomm/Lantronix 4G Gateways

CVE-2025-46565 – Vite File Pattern Denial of Service

Google confirms Gemini for Chrome on Windows 11, teases big AI upgrade

CVE-2025-43845 – VITS Voice Changing Framework Remote Code Injection Vulnerability

CVE-2025-4318 – Amazon Amplify Studio Unvalidated Property Expression Vulnerability

GitHub Issues search now supports nested queries and boolean operators: Here’s how we (re)built it

Chrome Use-After-Free Vulnerabilities Exploited in the Wild

CVE-2024-58135 – Mojolicious Weak HMAC Session Secret Vulnerability

Related Posts