CVE-2025-40924 – Catalyst::Plugin::Session Insecure Session ID Generation

July 17, 2025

CVE ID : CVE-2025-40924

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely.

The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.

Predicable session ids could allow an attacker to gain access to systems.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-51630 – TOTOLINK N350RT Buffer Overflow Vulnerability

Next Article CVE-2025-1713 – Intel PCI Interrupt Remapping Deadlock Vulnerability

Highlights

CVE-2025-4590 – Daisycon prijsvergelijkers WordPress Stored Cross-Site Scripting Vulnerability

May 31, 2025

CVE ID : CVE-2025-4590

Published : May 31, 2025, 7:15 a.m. | 2 hours, 27 minutes ago

Description : The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘daisycon_uitvaart’ shortcode in all versions up to, and including, 4.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Too many open browser tabs? This is still my favorite solution – and has been for years

This new browser won’t monetize your every move – how to try it

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

The details of TC39’s last meeting

The details of TC39’s last meeting

Reclaim Space: Delete Docker Orphan Layers

Notes Android App Using SQLite

KeySmith – SSH key management

KeySmith – SSH key management

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

CVE-2025-40924 – Catalyst::Plugin::Session Insecure Session ID Generation

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Meet BioReason: The World’s First Reasoning Model in Biology that Enables AI to Reason about Genomics like a Biology Expert

VS slaat alarm over ransomware-aanvallen via SimpleHelp-lek

Halo Studios teases major reveal in October, promises big update at World Championship

CVE-2025-23105 – Samsung Mobile Processor Exynos Use-After-Free Privilege Escalation Vulnerability

CVE-2025-4590 – Daisycon prijsvergelijkers WordPress Stored Cross-Site Scripting Vulnerability

Type mismatch: cannot convert from void to String [closed]

Revolutionizing Renewable Energy: How Blockchain is Powering the Future

j-Importer – Total.js

CVE-2025-40924 – Catalyst::Plugin::Session Insecure Session ID Generation

Related Posts