CWE-340 (Predictability Problems) — Vulnerability Class 33

33 vulnerabilities classified as CWE-340 (Predictability Problems). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-5085 | Solstice::Session versions through 1440 for Perl generates session ids insecurely — Solstice::Session | 7.5 | - | 2026-04-13 |
| CVE-2026-5083 | Ado::Sessions versions through 0.935 for Perl generates insecure session ids — Ado::Sessions | 9.1 (AI) | Critical (AI) | 2026-04-08 |
| CVE-2026-5082 | Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id — Amon2::Plugin::Web::CSRFDefender | 7.5 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-28810 | Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver — OTP | 5.0 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2025-13044 | Multiple Vulnerabilities in IBM Concert Software — Concert | 6.2 | Medium | 2026-04-07 |
| CVE-2026-3256 | HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids — HTTP::Session | 5.9 | - | 2026-03-28 |
| CVE-2025-15604 | Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions — Amon2 | 5.9 | - | 2026-03-28 |
| CVE-2026-4269 | Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit — Bedrock AgentCore Starter Toolkit | 7.5 | High | 2026-03-16 |
| CVE-2025-40931 | Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id — Apache::Session::Generate::MD5 | 9.8 | - | 2026-03-05 |
| CVE-2025-40926 | Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely — Plack::Middleware::Session::Simple | 9.8 | - | 2026-03-05 |
| CVE-2026-3255 | HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function — HTTP::Session2 | 3.7 | - | 2026-02-27 |
| CVE-2025-40932 | Apache::SessionX versions through 2.01 for Perl create insecure session id — Apache::SessionX | 9.8 (AI) | Critical (AI) | 2026-02-26 |
| CVE-2026-2473 | Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft. — Vertex AI Experiments | 9.8 (AI) | Critical (AI) | 2026-02-20 |
| CVE-2026-2439 | Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids — Concierge::Sessions | 7.5 (AI) | High (AI) | 2026-02-16 |
| CVE-2025-69286 | RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability — ragflow | 9.8 | - | 2025-12-31 |
| CVE-2025-62294 | Predictable Generation of Password Recovery Token — SOPlanning | 9.8 | - | 2025-11-20 |
| CVE-2025-58424 | BIG-IP TMM vulnerability — BIG-IP | 5.3 | Medium | 2025-10-15 |
| CVE-2025-3449 | Weak Session Token used in Automation Runtime SDM — Automation Runtime | 4.2 | Medium | 2025-10-07 |
| CVE-2025-59452 | YoSmart YoLink API security vulnerability — YoLink API | 5.8 | Medium | 2025-10-06 |
| CVE-2025-40925 | Starch versions 0.14 and earlier generate session ids insecurely — Starch | 9.8 (AI) | Critical (AI) | 2025-09-20 |
| CVE-2025-40933 | Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely — Apache::AuthAny | 9.1 (AI) | Critical (AI) | 2025-09-17 |
| CVE-2025-40920 | Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces — Catalyst::Authentication::Credential::HTTP | 7.4 (AI) | High (AI) | 2025-08-11 |
| CVE-2025-40924 | Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely — Catalyst::Plugin::Session | 9.8 (AI) | Critical (AI) | 2025-07-17 |
| CVE-2025-40919 | Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurely — Authen::DigestMD5 | 7.5 (AI) | High (AI) | 2025-07-16 |
| CVE-2025-40918 | Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely — Authen::SASL::Perl::DIGEST_MD5 | 5.3 | - | 2025-07-16 |
| CVE-2025-40923 | Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely — Plack::Middleware::Session | 9.8 (AI) | Critical (AI) | 2025-07-16 |
| CVE-2024-10603 | Google gVisor security vulnerability — gVisor | - | - | 2025-01-30 |
| CVE-2025-0218 | pgAgent scheduled batch job scripts are created in a predictable temporary directory potentially allowing a denial of service — pgAgent | 5.5 | Medium | 2025-01-07 |
| CVE-2024-12034 | Advanced Google reCAPTCHA <= 1.25 - Brute Force Protection IP Unblock — Advanced Google reCAPTCHA | 5.3 | Medium | 2024-12-24 |
| CVE-2024-52299 | The PDF viewer macro allows accessing any attachment without access right checks — macro-pdfviewer | 7.5 | High | 2024-11-13 |

Vulnerabilities classified as CWE-340 (Predictability Problems) represent 33 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.