79 matches found
SUSE-SU-2026:21145-1 Security update for perl-Authen-SASL
This update for perl-Authen-SASL fixes the following issues: Changes in perl-Authen-SASL: - CVE-2025-40918: use Crypt::URandom for generating nonces bsc#1246623...
OPENSUSE-SU-2026:20480-1 Security update for perl-Authen-SASL
This update for perl-Authen-SASL fixes the following issues: Changes in perl-Authen-SASL: - CVE-2025-40918: use Crypt::URandom for generating nonces bsc#1246623...
WordPress plugin RepairBuddy security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-3567 RepairBuddy <= 4.1132 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via wc_rep_shop_settings_submission AJAX Action
The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when combined, allow any authenticated user to modify admin-level plugin settings. First, the...
CVE-2026-26014
A vulnerability has been identified in the Pion DTLS implementation where the use of random nonce generation with AES-GCM ciphers does not adhere to recommended cryptographic practices. Under certain conditions, this may allow remote attackers to more easily derive or reuse encryption...
CVE-2026-26014 Pion DTLS uses random nonce generation with AES GCM ciphers risks leaking the authentication key
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonc...
GHSA-9F3F-WV7R-QC8R Pion DTLS's usage of random nonce generation with AES GCM ciphers risks leaking the authentication key
Impact Pion DTLS versions v1.0.0 through v3.0.10 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack". Patches Upgrade to v3.1.1 or late...
MiracleLinux 7 : httpd-2.4.6-89.0.1.el7.AXS7 (AXSA:2019-3965:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3965:02 advisory. httpd: Weak Digest auth nonce generation in mod_auth_digest CVE-2018-1312 Tenable has extracted the preceding description block directly from the MiracleLinux...
CVE-2025-69217
CVE-2025-69217 pertains to coturn (TURN/STUN server). Affected releases: 4.6.2r5–4.7.0-r4 have a weak RNG for nonces and port randomization due to a refactor, using libc random() instead of OpenSSL RAND_bytes (non-Windows). Attacking with ~50 consecutive unauthenticated nonce requests can reconst...
JLSEC-2025-216 In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption wh...
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application...
EUVD-2018-11913
Malware in sbrugna...
EUVD-2014-0039
Malware in sbrugna...
EUVD-2021-19747
Malware in sbrugna...
EUVD-2025-0003
Malicious code in bioql PyPI...
EUVD-2024-44023
Malicious code in bioql PyPI...
EUVD-2022-6276
Malicious code in bioql PyPI...
EUVD-2024-54367
Malicious code in bioql PyPI...
EUVD-2024-17291
Malicious code in bioql PyPI...
EUVD-2025-24168
Malicious code in bioql PyPI...
Fedora 43 : perl-Catalyst-Authentication-Credential-HTTP (2025-6df5ab0b98)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-6df5ab0b98 advisory. This update upgrades the package to version 1.019. This version fixes CVE-2025-40920 by using Crypt::SysRandom to generate nonces instead of Data::UUID. Tenab...