972 matches found

OSV
added 2026/02/12 10:55 a.m., 12 views

USN-8033-2 linux-intel-iot-realtime, linux-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem;...

CVSS 7.8 | AI score 6.9 | EPSS 0.00248
Exploits: 4 | References: 115

OSV
added 2026/02/12 10:40 a.m., 11 views

USN-8033-1 linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem;...

CVSS 7.8 | AI score 6.8 | EPSS 0.00248
Exploits: 4 | References: 115

Ubuntu
added 2026/02/12 9:39 a.m., 5 views

USN-8030-1: Linux kernel (GCP) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...

CVSS 7.8 | AI score 5.7 | EPSS 0.00544
Exploits: 4

OSV
added 2026/02/12 9:39 a.m., 8 views

USN-8030-1 linux-gcp vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...

CVSS 7.8 | AI score 6.5 | EPSS 0.00544
Exploits: 4 | References: 367

Ubuntu
added 2026/02/12 9:15 a.m., 7 views

USN-8029-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...

CVSS 7.8 | AI score 5.7 | EPSS 0.00544
Exploits: 4

Tenable Nessus
added 2026/02/12 12:0 a.m., 4 views

ISC BIND 9.16.0 < 9.18.41 / 9.16.8-S1 < 9.18.41-S1 / 9.18.0 < 9.18.41 / 9.18.11-S1 < 9.18.41-S1 / 9.20.0 < 9.20.15 / 9.20.9-S1 < 9.20.15-S1 / 9.21.0 < 9.21.14 Vulnerability (cve-2025-40780)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2025-40780 advisory. - In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for a...

CVSS 8.6 | AI score 7.9 | EPSS 0.00454
Exploits: 0 | References: 2

Cvelist
added 2026/02/04 8:25 a.m., 30 views

CVE-2026-0681 Extended Random Number Generator <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings

The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | EPSS 0.0025
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/04 8:25 a.m., 3 views

CVE-2026-0681 Extended Random Number Generator <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings

The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | AI score 5.5 | EPSS 0.0025
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/04 12:0 a.m., 5 views

PT-2026-6019

Name of the Vulnerable Software and Affected Versions: Extended Random Number Generator versions prior to 1.2. Description: The Extended Random Number Generator plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin settings. Insufficient input sanitization and output...

CVSS 4.4 | AI score 5.6 | EPSS 0.0025
Exploits: 0 | References: 5

CNNVD
added 2026/02/04 12:0 a.m., 8 views

WordPress plugin Extended Random Number Generator cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

CVSS 4.4 | AI score 5.7 | EPSS 0.0025
Exploits: 0 | References: 4

Patchstack
added 2026/02/03 11:5 p.m., 6 views

WordPress Extended Random Number Generator plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability discovered by 0x34rth in WordPress Plugin Extended Random Number Generator versions <= 1.1...

CVSS 4.4 | AI score 5.3 | EPSS 0.0025
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

MiracleLinux 3 : drupal-6.30-1.AXS3 (AXSA:2014-234:01)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-234:01 advisory. Drupal is a free software package that allows an individual or a community of users to easily publish, manage and organize a wide variety of content ...

CVSS 7.5 | AI score 6.7 | EPSS 0.03072
Exploits: 0 | References: 4

Github Security Blog
added 2026/01/13 2:55 p.m., 11 views

Jervis Has Weak Random for Timing Attack Mitigation

Vulnerability: https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L593-L594 Uses java.util.Random which is not cryptographically secure. Impact: If an attacker can predict the random delays, they may still be...

CVSS 8.2 | AI score 6.9 | EPSS 0.00231
Exploits: 0 | References: 6 | Affected Software: 1

Tenable Nessus
added 2026/01/13 12:0 a.m., 3 views

MiracleLinux 9 : bind-9.16.23-31.el9_6.2 (AXSA:2025-11077:11)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11077:11 advisory. Prevent cache poisoning due to weak PRNG (CVE-2025-40780). Address various spoofing attacks (CVE-2025-40778). CVE-2025-40778: Under certain circumstances,...

CVSS 8.6 | AI score 6.5 | EPSS 0.00509
Exploits: 1 | References: 3

RedhatCVE
added 2026/01/07 9:35 a.m., 6 views

CVE-2019-7860

A cryptographically weak pseudo-random number generator is used in multiple security-relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...

CVSS 7.5 | AI score 6.8 | EPSS 0.01186
Exploits: 0 | References: 1

SUSE CVE
added 2025/12/31 12:23 a.m., 4 views

SUSE CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

CVSS 7.7 | AI score 7 | EPSS 0.00363
Exploits: 0 | References: 3

NVD
added 2025/12/30 1:15 a.m., 6 views

CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

CVSS 7.7 | EPSS 0.00363
Exploits: 0 | References: 3

Debian CVE
added 2025/12/30 12:41 a.m., 5 views

CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

CVSS 7.7 | AI score 5.5 | EPSS 0.00363
Exploits: 0

EUVD
added 2025/12/30 12:41 a.m., 5 views

EUVD-2025-205680

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

CVSS 7.7 | AI score 6.5 | EPSS 0.00363
Exploits: 0 | References: 3

CVE
added 2025/12/30 12:41 a.m., 20 views

CVE-2025-69217

CVE-2025-69217 pertains to coturn (TURN/STUN server). Affected releases: 4.6.2r5–4.7.0-r4 have a weak RNG for nonces and port randomization due to a refactor, using libc random() instead of OpenSSL RAND_bytes (non-Windows). Attacking with ~50 consecutive unauthenticated nonce requests can reconst...

CVSS 7.7 | AI score 6.6 | EPSS 0.00363
Exploits: 0 | References: 3