
8792 matches found

CVE | added 2026/01/10 5:17 a.m. | 19 views

CVE-2026-22698

CVE-2026-22698 affects the RustCrypto Elliptic Curves library (SM2 PKE) in versions 0.14.0-pre.0 through 0.14.0-rc.0. The root cause is a unit-mismatch in the nonce generation path: the code computes the nonce length as a 32-bit value but feeds it as a bit-length to the RNG, producing a 32-bit en...

CVSS 8.7 | AI score 6.5 | EPSS 0.00245
Exploits 1 | References 6 | Affected software 1
OSV | added 2026/01/10 5:17 a.m. | 5 views

CVE-2026-22698 RustCrypto SM2-PKE has 32-bit Biased Nonce Vulnerability

RustCrypto: Elliptic Curves provides general-purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

CVSS 8.7 | AI score 6.6 | EPSS 0.00245
Exploits 1 | References 8
Positive Technologies | added 2026/01/10 12:00 a.m. | 8 views

PT-2026-1761

Name of the Vulnerable Software and Affected Versions: User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin, versions prior to 4.4.9. Description: The plugin is susceptible to a Cross-Site Request Forgery (CSRF) issu...

CVSS 5.4 | AI score 6.5 | EPSS 0.00123
Exploits 0 | References 8
Github Security Blog | added 2026/01/09 10:27 p.m. | 13 views

SM2-PKE has 32-bit Biased Nonce Vulnerability

Summary: A critical vulnerability exists in the SM2 Public Key Encryption (PKE) implementation where the ephemeral nonce k is generated with severely reduced entropy. A unit mismatch error causes the nonce generation function to request only 32 bits of randomness instead of the expected 256 bits. Th...

CVSS 8.7 | AI score 6.5 | EPSS 0.00245
Exploits 1 | References 8 | Affected software 1
OSV | added 2026/01/09 10:27 p.m. | 4 views

GHSA-W3G8-FP6J-WVQW SM2-PKE has 32-bit Biased Nonce Vulnerability

Summary: A critical vulnerability exists in the SM2 Public Key Encryption (PKE) implementation where the ephemeral nonce k is generated with severely reduced entropy. A unit mismatch error causes the nonce generation function to request only 32 bits of randomness instead of the expected 256 bits. Th...

CVSS 8.7 | AI score 6.5 | EPSS 0.00245
Exploits 1 | References 8
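The four SM2-PKE entries above (CVE-2026-22698 / GHSA-W3G8-FP6J-WVQW) all describe the same root cause: a length computed in one unit (bytes) handed to an RNG interface that expects another (bits), so the ephemeral k ends up in a 2^32 space. Because the recipient's public key is public, anyone who enumerates the 2^32 candidate k values and matches [k]G against C1 can recompute the shared point and decrypt. The Rust below is an added example and is not the sm2 crate's code; it uses a constructed, non-cryptographic xorshift generator and hypothetical function names to reproduce the bug class beside its fix, and it includes the regression check a maintainer would add so a too-narrow nonce fails in CI.

```rust
// Added example, not the sm2 crate's code: a stand-alone toy that reproduces
// the bits-vs-bytes unit mismatch class of bug and the regression check that
// catches it.

/// Minimal RNG interface, modelled loosely on the shape of `RngCore`.
pub trait Rng {
    fn next_u64(&mut self) -> u64;
    fn fill_bytes(&mut self, dest: &mut [u8]) {
        for chunk in dest.chunks_mut(8) {
            let v = self.next_u64().to_le_bytes();
            chunk.copy_from_slice(&v[..chunk.len()]);
        }
    }
}

/// Constructed xorshift64 generator for the demonstration only.
/// It is NOT a cryptographic RNG; it only needs to be deterministic here.
pub struct XorShift64(pub u64);

impl Rng for XorShift64 {
    fn next_u64(&mut self) -> u64 {
        let mut x = self.0;
        x ^= x << 13;
        x ^= x >> 7;
        x ^= x << 17;
        self.0 = x;
        x
    }
}

/// Width of an SM2 scalar in bytes (the curve order is 256 bits).
pub const SCALAR_BYTES: usize = 32;

/// Fills the low `n_bits` bits of a big-endian 32-byte scalar with randomness.
/// The length parameter is in BITS; a caller that passes a byte count here
/// silently gets a nonce that is eight times too short.
pub fn random_scalar_bits<R: Rng>(rng: &mut R, n_bits: usize) -> [u8; SCALAR_BYTES] {
    assert!(n_bits > 0 && n_bits <= SCALAR_BYTES * 8, "n_bits out of range");
    let mut out = [0u8; SCALAR_BYTES];
    let n_bytes = (n_bits + 7) / 8;
    rng.fill_bytes(&mut out[SCALAR_BYTES - n_bytes..]);
    // Clear the surplus high bits of the most significant filled byte so the
    // value is strictly below 2^n_bits.
    let surplus = n_bytes * 8 - n_bits;
    out[SCALAR_BYTES - n_bytes] &= (0xFFu32 >> surplus) as u8;
    out
}

/// Vulnerable call site (hypothetical): the nonce length is computed in bytes
/// (32) and handed to an API that expects bits, so k < 2^32.
pub fn nonce_unit_mismatch<R: Rng>(rng: &mut R) -> [u8; SCALAR_BYTES] {
    let k_len: u32 = SCALAR_BYTES as u32; // 32 bytes, passed on as 32 bits
    random_scalar_bits(rng, k_len as usize)
}

/// Fixed call site: request the full scalar width, in bits.
pub fn nonce_full_width<R: Rng>(rng: &mut R) -> [u8; SCALAR_BYTES] {
    random_scalar_bits(rng, SCALAR_BYTES * 8)
}

/// Bit length of the scalar read as a big-endian integer (0 for zero).
pub fn bit_len(k: &[u8; SCALAR_BYTES]) -> usize {
    k.iter()
        .enumerate()
        .find(|(_, b)| **b != 0)
        .map(|(i, b)| (SCALAR_BYTES - i) * 8 - b.leading_zeros() as usize)
        .unwrap_or(0)
}

/// Regression check: the largest bit length seen over `samples` nonces.
/// A full-width generator reaches 256 almost immediately; a generator
/// confined to 32 bits can never exceed 32.
pub fn max_nonce_bits<F: FnMut() -> [u8; SCALAR_BYTES]>(mut gen: F, samples: usize) -> usize {
    (0..samples).map(|_| bit_len(&gen())).max().unwrap_or(0)
}

fn main() {
    let mut rng = XorShift64(0x9E37_79B9_7F4A_7C15);
    let mismatch = max_nonce_bits(|| nonce_unit_mismatch(&mut rng), 1_000);
    let fixed = max_nonce_bits(|| nonce_full_width(&mut rng), 1_000);
    println!("max nonce bit length over 1000 samples: mismatch = {mismatch}, fixed = {fixed}");
    // Expected: mismatch <= 32, fixed close to 256.
}
```

The check is cheap enough to run on every build, and it catches the whole bug class rather than one call site: any scalar generator whose maximum observed bit length stays far below the group order's width is confined to a space an attacker can enumerate.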
GithubExploit | added 2026/01/09 8:19 p.m. | 287 views

Exploit for CVE-2025-14124

CVE-2025-14124 WordPress Team Plugin - Unauthenticated SQL...

CVSS 8.6 | AI score 8.4 | EPSS 0.0156
Exploits 1
RedhatCVE | added 2026/01/09 12:37 p.m. | 9 views

CVE-2023-50059

An issue in galxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Galxe: the signed message lacks a nonce (random number)...

CVSS 5.3 | AI score 6.7 | EPSS 0.00475
Exploits 0 | References 1
RedhatCVE | added 2026/01/09 12:31 p.m. | 9 views

CVE-2023-4151

The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 | AI score 6.1 | EPSS 0.00645
Exploits 1 | References 1
RedhatCVE | added 2026/01/09 12:07 p.m. | 8 views

CVE-2018-6480

A type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature which, for example, helped with loop prevention. ccnl_fwd_handleInterest assumes that the union member s is of type ccnl_pktdetail_ndntlv_s. However, if the type is in fact stru...

CVSS 8.8 | AI score 7 | EPSS 0.01325
Exploits 0 | References 1
RedhatCVE | added 2026/01/09 11:35 a.m. | 4 views

CVE-2021-41061

In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee802154_security component allows attackers to break encryption by triggering reboots...

CVSS 5.5 | AI score 6.9 | EPSS 0.00201
Exploits 1 | References 1
RedhatCVE | added 2026/01/09 11:10 a.m. | 8 views

CVE-2016-10996

The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...

CVSS 5.3 | AI score 7.1 | EPSS 0.01092
Exploits 0 | References 1
RedhatCVE | added 2026/01/09 10:53 a.m. | 4 views

CVE-2022-23180

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated user, such as a subscriber, to update and change various settings...

CVSS 4.3 | AI score 6.6 | EPSS 0.0053
Exploits 2 | References 1
RedhatCVE | added 2026/01/09 10:44 a.m. | 5 views

CVE-2022-0141

The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks...

CVSS 8.1 | AI score 6.7 | EPSS 0.00453
Exploits 1 | References 1
RedhatCVE | added 2026/01/09 9:26 a.m. | 7 views

CVE-2023-4000

The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to create and delete countdown...

CVSS 6.3 | AI score 6.6 | EPSS 0.00187
Exploits 0 | References 1
RedhatCVE | added 2026/01/09 9:26 a.m. | 8 views

CVE-2023-4161

The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated attackers to create invoice fields provided they can tric...

CVSS 4.3 | AI score 6.7 | EPSS 0.00263
Exploits 0 | References 1
RedhatCVE | added 2026/01/09 9:26 a.m. | 7 views

CVE-2023-4729

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publish_lp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key, a key fully controll...

CVSS 4.3 | AI score 4.5 | EPSS 0.00208
Exploits 0 | References 1
RedhatCVE | added 2026/01/09 9:26 a.m. | 8 views

CVE-2023-4248

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_stripe_disconnect_connect_stripe_account function. This makes it possible for unauthenticated attackers to deactivate t...

CVSS 5.4 | AI score 6.4 | EPSS 0.00248
Exploits 0 | References 1
RedhatCVE | added 2026/01/09 9:26 a.m. | 6 views

CVE-2023-4923

The BEAR plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_operations_delete function. This makes it possible for unauthenticated attackers to delete products via a forged reques...

CVSS 5.4 | AI score 5.3 | EPSS 0.00288
Exploits 0 | References 1
RedhatCVE | added 2026/01/09 9:25 a.m. | 4 views

CVE-2023-4937

The BEAR plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_operations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate product...

CVSS 4.3 | AI score 5.3 | EPSS 0.0028
Exploits 0 | References 1
RedhatCVE | added 2026/01/09 9:25 a.m. | 5 views

CVE-2023-4920

The BEAR plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged...

CVSS 8.8 | AI score 5.3 | EPSS 0.00317
Exploits 0 | References 1