
8807 matches found

UbuntuCve
added 2025/12/30 1:15 a.m. | 4 views

CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

7.7 CVSS | 5.9 AI score | 0.00363 EPSS
Exploits 0 | References 4
CVE
added 2025/12/30 12:41 a.m. | 20 views

CVE-2025-69217

CVE-2025-69217 pertains to coturn (TURN/STUN server). Affected releases: 4.6.2r5–4.7.0-r4 have a weak RNG for nonces and port randomization due to a refactor, using libc random() instead of OpenSSL RAND_bytes (non-Windows). Attacking with ~50 consecutive unauthenticated nonce requests can reconst...

7.7 CVSS | 6.6 AI score | 0.00363 EPSS
Exploits 0 | References 3
OSV
added 2025/12/30 12:41 a.m. | 5 views

CVE-2025-69217 Coturn has unsafe nonce and relay port randomization due to weak random number generation.

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

7.7 CVSS | 6.9 AI score | 0.00363 EPSS
Exploits 0 | References 5
EUVD
added 2025/12/30 12:41 a.m. | 5 views

EUVD-2025-205680

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

7.7 CVSS | 6.5 AI score | 0.00363 EPSS
Exploits 0 | References 3
Vulnrichment
added 2025/12/30 12:41 a.m. | 4 views

CVE-2025-69217 Coturn has unsafe nonce and relay port randomization due to weak random number generation.

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

7.7 CVSS | 6.6 AI score | 0.00363 EPSS
Exploits 0 | References 3
AlpineLinux
added 2025/12/30 12:41 a.m. | 4 views

CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

7.7 CVSS | 7 AI score | 0.00363 EPSS
Exploits 0 | References 3
Cvelist
added 2025/12/30 12:41 a.m. | 26 views

CVE-2025-69217 Coturn has unsafe nonce and relay port randomization due to weak random number generation.

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

7.7 CVSS | 0.00363 EPSS
Exploits 0 | References 3
Debian CVE
added 2025/12/30 12:41 a.m. | 5 views

CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

7.7 CVSS | 5.5 AI score | 0.00363 EPSS
Exploits 0
Positive Technologies
added 2025/12/30 12:0 a.m. | 4 views

PT-2025-53832

Name of the Vulnerable Software and Affected Versions: coturn versions 4.6.2r5 through 4.7.0-r4. Description: coturn, a free open source implementation of TURN and STUN Server, contains a flaw related to its random number generator. Specifically, the random number generator for nonces and port...

7.7 CVSS | 6.8 AI score | 0.00363 EPSS
Exploits 1 | References 17
RedhatCVE
added 2025/12/24 9:39 a.m. | 12 views

CVE-2025-14163

The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for unauthenticated attackers to create arbitrary...

4.3 CVSS | 5.3 AI score | 0.00133 EPSS
Exploits 0 | References 1
EUVD
added 2025/12/23 12:30 p.m. | 4 views

EUVD-2025-204783

The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for unauthenticated attackers to create arbitrary...

4.3 CVSS | 4.8 AI score | 0.00133 EPSS
Exploits 0 | References 5
RedhatCVE
added 2025/12/23 10:38 a.m. | 5 views

CVE-2025-61739

Due to nonce reuse, attackers can perform a replay attack or decrypt captured packets...

7.2 CVSS | 6.9 AI score | 0.00167 EPSS
Exploits 0 | References 1
NVD
added 2025/12/23 10:15 a.m. | 10 views

CVE-2025-14163

The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for unauthenticated attackers to create arbitrary...

4.3 CVSS | 0.00133 EPSS
Exploits 0 | References 5
OSV
added 2025/12/23 10:15 a.m. | 3 views

CVE-2025-14163

The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for unauthenticated attackers to create arbitrary...

4.3 CVSS | 5.7 AI score | 0.00133 EPSS
Exploits 0 | References 4
Vulnrichment
added 2025/12/23 9:20 a.m. | 3 views

CVE-2025-14163 Premium Addons for Elementor <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template'

The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for unauthenticated attackers to create arbitrary...

4.3 CVSS | 4.9 AI score | 0.00133 EPSS
Exploits 0 | References 5
CVE
added 2025/12/23 9:20 a.m. | 19 views

CVE-2025-14163

CVE-2025-14163: The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation in insert_inner_template. This enables unauthenticated attackers to forge requests and cause creation of arbitrary Elementor templates, by tricking a ...

4.3 CVSS | 4.9 AI score | 0.00133 EPSS
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2025/12/23 9:20 a.m. | 27 views

CVE-2025-14163 Premium Addons for Elementor <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template'

The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for unauthenticated attackers to create arbitrary...

4.3 CVSS | 0.00133 EPSS
Exploits 0 | References 5
Positive Technologies
added 2025/12/23 12:0 a.m. | 9 views

PT-2025-52732

Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor versions prior to 4.11.54. Description: The Premium Addons for Elementor plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of nonce validation within the insert inner templat...

4.3 CVSS | 6.3 AI score | 0.00133 EPSS
Exploits 0 | References 8
NVD
added 2025/12/22 11:15 a.m. | 5 views

CVE-2025-61739

Due to nonce reuse, attackers can perform a replay attack or decrypt captured packets...

7.2 CVSS | 0.00167 EPSS
Exploits 0 | References 2
CVE
added 2025/12/22 10:19 a.m. | 27 views

CVE-2025-61739

CVE-2025-61739 concerns nonce reuse that enables a replay attack or decryption of captured packets. Documents identify the affected products as Johnson Controls IQ Panels2, IQ Panels2+, IQHub, IQPanel 4, and PowerG, with the issue rooted in nonce reuse and/or weak RNG affecting confidentiality an...

7.2 CVSS | 6.5 AI score | 0.00167 EPSS
Exploits 0 | References 2