Weaknesses of type CWE-340

46 results
CVE-2026-11374 [CRITICAL] Account Takeover via Predictable SSO Ticket Generation (EPSS 1.2%)
CVE-2024-47945 [CRITICAL] Predictable Session ID (EPSS 0.9%)
CVE-2024-28957 [MEDIUM] Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote u (EPSS 0.8%)
CVE-2020-1905 Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, w (EPSS 0.6%)
CVE-2025-40931 [CRITICAL] Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id (EPSS 0.6%)
CVE-2026-3256 [CRITICAL] HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids (EPSS 0.5%)
CVE-2025-15604 [CRITICAL] Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions (EPSS 0.5%)
CVE-2024-52299 [HIGH] The PDF viewer macro allows accessing any attachment without access right checks (EPSS 0.5%)
CVE-2024-7558 [HIGH] JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unpri (EPSS 0.5%)
CVE-2025-69286 [HIGH] RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability (EPSS 0.5%)
CVE-2026-2473 [HIGH] Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft. (EPSS 0.4%)
CVE-2025-40926 [CRITICAL] Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely (EPSS 0.4%)
CVE-2026-5083 [MEDIUM] Ado::Sessions versions through 0.935 for Perl generates insecure session ids (EPSS 0.4%)
CVE-2026-3255 [MEDIUM] HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function (EPSS 0.4%)
CVE-2025-59452 [MEDIUM] The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-sec (EPSS 0.4%)
CVE-2026-5082 [MEDIUM] Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id (EPSS 0.4%)
CVE-2026-2439 [CRITICAL] Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids (EPSS 0.4%)
CVE-2026-40496 [HIGH] FreeScout has Predictable Attachment Token that Allows Unauthenticated Private File Download via Brute Force (EPSS 0.4%)
CVE-2025-40918 [MEDIUM] Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely (EPSS 0.4%)
CVE-2025-40920 [HIGH] Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces (EPSS 0.4%)