8806 matches found

Positive Technologies
added 2026/01/07 12:0 a.m. | 5 views

PT-2026-1556

Name of the Vulnerable Software and Affected Versions: AMP for WP – Accelerated Mobile Pages plugin for WordPress versions up to and including 1.1.9
Description: The software is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is a result of flawed nonce verification within the amp them...

CVSS 4.3 | AI score 6.1 | EPSS 0.00132
Exploits: 0 | References: 7
Positive Technologies
added 2026/01/07 12:0 a.m. | 6 views

PT-2026-1564

Name of the Vulnerable Software and Affected Versions: HelpDesk contact form plugin for WordPress versions prior to 1.1.6
Description: The HelpDesk contact form plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is a result of inadequate or absent nonce validation within t...

CVSS 4.3 | AI score 6.2 | EPSS 0.00128
Exploits: 0 | References: 5
Positive Technologies
added 2026/01/07 12:0 a.m. | 7 views

PT-2026-1637

Name of the Vulnerable Software and Affected Versions: Sticky Action Buttons plugin for WordPress versions up to and including 1.1
Description: The software is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of, or incorrect, nonce validation within the sabs options page fo...

CVSS 4.3 | AI score 6.2 | EPSS 0.00112
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/07 12:0 a.m. | 9 views

PT-2026-1594

Name of the Vulnerable Software and Affected Versions: xShare plugin for WordPress versions up to and including 1.0.1
Description: The xShare plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of nonce validation within the xshare plugin reset function. An...

CVSS 4.3 | AI score 6 | EPSS 0.0014
Exploits: 0 | References: 5
CVE
added 2026/01/06 10:48 p.m. | 31 views

CVE-2025-47345

Technical details (affected products, versions, root cause, fixes) are not publicly provided in the connected documents. Monitor for updates from Qualcomm and related security bulletins.

CVSS 8.4 | AI score 6.6 | EPSS 0.00069
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/01/06 10:48 p.m. | 3 views

CVE-2025-47345 Reusing a Nonce, Key Pair in Encryption in Automotive Platform

Cryptographic issue may occur while encrypting license data...

CVSS 8.4 | AI score 6.6 | EPSS 0.00069
Exploits: 0 | References: 1
Cvelist
added 2026/01/06 10:48 p.m. | 32 views

CVE-2025-47345 Reusing a Nonce, Key Pair in Encryption in Automotive Platform

Cryptographic issue may occur while encrypting license data...

CVSS 8.4 | EPSS 0.00069
Exploits: 0 | References: 1
NVD
added 2026/01/06 5:15 a.m. | 4 views

CVE-2025-14441

The Popupkit plugin for WordPress is vulnerable to arbitrary subscriber data deletion due to missing authorization on the DELETE /subscribers REST API endpoint in all versions up to, and including, 2.2.0. This is due to the permission_callback only validating wp_rest nonce without checking user...

CVSS 4.3 | EPSS 0.002
Exploits: 0 | References: 5
SUSE CVE
added 2026/01/06 12:24 a.m. | 5 views

SUSE CVE-2025-68113

ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...

CVSS 6.5 | AI score 6.7 | EPSS 0.00262
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/06 12:0 a.m. | 5 views

PT-2026-1412

Name of the Vulnerable Software and Affected Versions: Popupkit plugin for WordPress versions through 2.2.0
Description: The Popupkit plugin for WordPress has a flaw that allows authenticated attackers with Subscriber-level access or higher to delete arbitrary subscriber records. This is due to...

CVSS 5.3 | AI score 6.6 | EPSS 0.002
Exploits: 0 | References: 10
Snyk
added 2026/01/05 7:43 p.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the startSessionHandler function. An attacker can cause excessive memory consumption and crash the server by sending unauthenticated HTTP requests with a specially crafted nonce a...

CVSS 6.9 | AI score 7.1
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/05 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-69217

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port...

CVSS 7.7 | AI score 5.6 | EPSS 0.00363
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/01 12:0 a.m. | 3 views

PT-2026-23804

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid...

CVSS 5.8 | AI score 5.8 | EPSS 0.00355
Exploits: 1 | References: 10
RedhatCVE
added 2025/12/31 1:7 p.m. | 14 views

CVE-2025-14426

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...

CVSS 4.3 | AI score 5.1 | EPSS 0.002
Exploits: 0 | References: 1
SUSE CVE
added 2025/12/31 12:23 a.m. | 4 views

SUSE CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

CVSS 7.7 | AI score 7 | EPSS 0.00363
Exploits: 0 | References: 3
Cvelist
added 2025/12/30 12:22 p.m. | 22 views

CVE-2025-14426 Strong Testimonials <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...

CVSS 4.3 | EPSS 0.002
Exploits: 0 | References: 4
RedhatCVE
added 2025/12/30 7:31 a.m. | 4 views

CVE-2025-69217

A flaw was found in coturn. A remote attacker can exploit a predictable random number generator used for nonces and port randomization. By sending a series of unauthenticated requests, an attacker can reconstruct the random number generator's state, allowing them to predict future nonces and port...

CVSS 7.7 | AI score 6.8 | EPSS 0.00363
Exploits: 0 | References: 2
NVD
added 2025/12/30 1:15 a.m. | 6 views

CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

CVSS 7.7 | EPSS 0.00363
Exploits: 0 | References: 3
UbuntuCve
added 2025/12/30 1:15 a.m. | 4 views

CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

CVSS 7.7 | AI score 5.9 | EPSS 0.00363
Exploits: 0 | References: 4
OSV
added 2025/12/30 1:15 a.m. | 4 views

UBUNTU-CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

CVSS 7.7 | AI score 5.8 | EPSS 0.00363
Exploits: 0 | References: 5