
EUVD (added 2026/03/23 6:30 a.m., 10 views)

EUVD-2026-14373

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect...

CVSS 9.3, AI score 5.8, EPSS 0.00345
Exploits: 1, References: 5
Github Security Blog (added 2026/03/23 6:30 a.m., 7 views)

jsrsasign: Incomplete Comparison Allows DSA Private Key Recovery via Biased Nonce Generation

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect...

CVSS 9.3, AI score 5.9, EPSS 0.00345
Exploits: 1, References: 6, Affected Software: 1
OSV (added 2026/03/23 6:30 a.m., 7 views)

GHSA-5JX8-Q4CP-RHH6 jsrsasign: Incomplete Comparison Allows DSA Private Key Recovery via Biased Nonce Generation

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect...

CVSS 9.3, AI score 5.9, EPSS 0.00345
Exploits: 1, References: 6
OSV (added 2026/03/23 6:16 a.m., 2 views)

CVE-2026-4599

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect...

CVSS 9.3, AI score 5.9
Exploits: 0, References: 4
Vulnrichment (added 2026/03/23 5:00 a.m., 4 views)

CVE-2026-4599

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect...

CVSS 9.3, AI score 5.8, EPSS 0.00345
Exploits: 1, References: 5
ATTACKERKB (added 2026/03/23 5:00 a.m., 4 views)

CVE-2026-4599

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect...

CVSS 9.3, AI score 5.8, EPSS 0.00345
Exploits: 1, References: 6
CVE (added 2026/03/23 5:00 a.m., 40 views)

CVE-2026-4599

JSrsasign versions 7.0.0–11.0.x are vulnerable due to Incomplete Comparison with Missing Factors in src/crypto-1.1.js: getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax perform incorrect compareTo checks that accept out-of-range candidates, biasing DSA nonces and enabling private key r...

CVSS 9.3, AI score 5.8, EPSS 0.00345
Exploits: 1, References: 5, Affected Software: 1
Cvelist (added 2026/03/23 5:00 a.m., 28 views)

CVE-2026-4599

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect...

CVSS 9.3, EPSS 0.00345
Exploits: 1, References: 5
Positive Technologies (added 2026/03/23 12:00 a.m., 7 views)

PT-2026-27055

Name of the Vulnerable Software and Affected Versions: jsrsasign versions 7.0.0 through 11.1.1. Description: An issue exists involving incomplete comparison with missing factors within the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions located in src/crypto-1.1.js. An attacke...

CVSS 9.3, AI score 5.8, EPSS 0.00345
Exploits: 1, References: 17
EUVD (added 2026/03/21 6:30 a.m., 3 views)

EUVD-2026-13991

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfieoptionpage function combined with insufficient input sanitization and output escaping...

CVSS 6.1, AI score 5.8, EPSS 0.00242
Exploits: 0, References: 10
EUVD (added 2026/03/21 6:30 a.m., 3 views)

EUVD-2026-14158

The Neos Connector for Fakturama plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.0.14. This is due to missing nonce validation in the ncffaddpluginpage function which handles settings updates. This makes it possible for unauthenticated...

CVSS 4.3, AI score 5.7, EPSS 0.00128
Exploits: 0, References: 6
EUVD (added 2026/03/21 6:30 a.m., 4 views)

EUVD-2026-13984

The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the 'build-app-online-update-vendor-product' AJAX action via wpajaxnopriv without proper authentication checks, capability verificatio...

CVSS 5.3, AI score 5.9, EPSS 0.00305
Exploits: 0, References: 8
EUVD (added 2026/03/21 6:30 a.m., 7 views)

EUVD-2026-14152

The Post Snippits plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page handlers for saving, adding, and deleting snippets. This makes it possible for unauthenticated attackers to...

CVSS 6.1, AI score 5.7, EPSS 0.0012
Exploits: 0, References: 8
EUVD (added 2026/03/21 6:30 a.m., 4 views)

EUVD-2026-14004

The Redirect countdown plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the countdownsettingscontent function. This makes it possible for unauthenticated attackers to update the plugin settings...

CVSS 4.3, AI score 5.7, EPSS 0.0014
Exploits: 0, References: 4
EUVD (added 2026/03/21 6:30 a.m., 3 views)

EUVD-2026-14007

The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to...

CVSS 4.3, AI score 5.7, EPSS 0.0014
Exploits: 0, References: 4
EUVD (added 2026/03/21 6:30 a.m., 5 views)

EUVD-2026-14006

The WP Posts Re-order plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the cptpluginoptions function. This makes it possible for unauthenticated attackers to update the plugin settings including...

CVSS 4.3, AI score 5.7, EPSS 0.0014
Exploits: 0, References: 4
EUVD (added 2026/03/21 6:30 a.m., 4 views)

EUVD-2026-14191

The SR WP Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing nonce validation on the srminifyhtmltheme function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...

CVSS 4.3, AI score 5.7, EPSS 0.0014
Exploits: 0, References: 4
EUVD (added 2026/03/21 6:30 a.m., 4 views)

EUVD-2026-14181

The loginregister plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.2.0. This is due to missing nonce validation on the settings page and insufficient input sanitization and output escaping on the...

CVSS 4.3, AI score 6, EPSS 0.00145
Exploits: 0, References: 5
NVD (added 2026/03/21 4:17 a.m., 4 views)

CVE-2026-4143

The Neos Connector for Fakturama plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.0.14. This is due to missing nonce validation in the ncffaddpluginpage function which handles settings updates. This makes it possible for unauthenticated...

CVSS 4.3, EPSS 0.00128
Exploits: 0, References: 5
NVD (added 2026/03/21 4:17 a.m., 4 views)

CVE-2026-4127

The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The speedup01ajaxenabled function, which handles the wpajaxspeedup01enabled AJAX action, does not perform any capability check via currentusercan and also lacks nonce...

CVSS 4.3, EPSS 0.00207
Exploits: 0, References: 5