8806 matches found
PT-2026-1556
Name of the Vulnerable Software and Affected Versions AMP for WP – Accelerated Mobile Pages plugin for WordPress versions up to and including 1.1.9 Description The software is susceptible to a Cross-Site Request Forgery CSRF issue. This is a result of flawed nonce verification within the amp them...
PT-2026-1564
Name of the Vulnerable Software and Affected Versions HelpDesk contact form plugin for WordPress versions prior to 1.1.6 Description The HelpDesk contact form plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. This is a result of inadequate or absent nonce validation within t...
PT-2026-1637
Name of the Vulnerable Software and Affected Versions Sticky Action Buttons plugin for WordPress versions up to and including 1.1 Description The software is susceptible to Cross-Site Request Forgery CSRF. This is caused by a lack of, or incorrect, nonce validation within the sabs options page fo...
PT-2026-1594
Name of the Vulnerable Software and Affected Versions xShare plugin for WordPress versions up to and including 1.0.1 Description The xShare plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of nonce validation within the xshare plugin reset function. An...
CVE-2025-47345
Technical details (affected products, versions, root cause, fixes) are not publicly provided in the connected documents. Monitor for updates from Qualcomm and related security bulletins.
CVE-2025-47345 Reusing a Nonce, Key Pair in Encryption in Automotive Platform
Cryptographic issue may occur while encrypting license data...
CVE-2025-47345 Reusing a Nonce, Key Pair in Encryption in Automotive Platform
Cryptographic issue may occur while encrypting license data...
CVE-2025-14441
The Popupkit plugin for WordPress is vulnerable to arbitrary subscriber data deletion due to missing authorization on the DELETE /subscribers REST API endpoint in all versions up to, and including, 2.2.0. This is due to the permissioncallback only validating wprest nonce without checking user...
SUSE CVE-2025-68113
ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...
PT-2026-1412
Name of the Vulnerable Software and Affected Versions Popupkit plugin for WordPress versions through 2.2.0 Description The Popupkit plugin for WordPress has a flaw that allows authenticated attackers with Subscriber-level access or higher to delete arbitrary subscriber records. This is due to...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the startSessionHandler function. An attacker can cause excessive memory consumption and crash the server by sending unauthenticated HTTP requests with a specially crafted nonce a...
Linux Distros Unpatched Vulnerability : CVE-2025-69217
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port...
PT-2026-23804
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count nc attribute. This vulnerability allows a remote attacker to capture a single valid...
CVE-2025-14426
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...
SUSE CVE-2025-69217
coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...
CVE-2025-14426 Strong Testimonials <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...
CVE-2025-69217
A flaw was found in coturn. A remote attacker can exploit a predictable random number generator used for nonces and port randomization. By sending a series of unauthenticated requests, an attacker can reconstruct the random number generator's state, allowing them to predict future nonces and port...
CVE-2025-69217
coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...
CVE-2025-69217
coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...
UBUNTU-CVE-2025-69217
coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...