1572 matches found
WordPress Plugin: Bitcoin Donation Button – Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin ZT Captcha has a cross-site request forgeing vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin “Set Bulk Post Categories” has a cross-site request forgeing vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
WordPress plugin Simple Crypto Shortcodes has a cross-site request forgeing vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Sosh Share Buttons plugin cross-site request forgery vulnerability
WordPress Sosh Share Buttons plugin is a social media sharing plugin for WordPress websites. WordPress Sosh Share Buttons plugin suffers from a cross-site request forgery vulnerability that stems from a lack of random number validation in the adminpagecontent function, no details of the...
MiracleLinux 3 : drupal-6.30-1.AXS3 (AXSA:2014-234:01)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-234:01 advisory. Drupal is a free software package that allows an individual or a community of users to easily publish, manage and organize a wide variety of content ...
WordPress plugin Sosh Share Buttons 跨站请求伪造漏洞
WordPress Sosh Share Buttons plugin is a social media sharing plugin for WordPress websites. WordPress Sosh Share Buttons plugin suffers from a cross-site request forgery vulnerability that stems from a lack of random number validation in the adminpagecontent function, no details of the...
WordPress plugin WPBlogSyn 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
WordPress plugin Stopwords for comments 跨站请求伪造漏洞
The WordPress Stopwords for comments plugin is a pre-screening tool designed to help webmasters filter out user comments that contain certain banned words i.e. "stopwords". comments. The WordPress Stopwords for comments plugin suffers from a cross-site request forgery vulnerability that stems fro...
WordPress plugin SocialChamp with WordPress 跨站请求伪造漏洞
WordPress SocialChamp with WordPress plugin is a plugin called SocialChamp which focuses on social media automation management. WordPress SocialChamp with WordPress plugin suffers from a cross-site request forgery vulnerability that stems from a lack of random number validation in the...
Jervis Has Weak Random for Timing Attack Mitigation
Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL593-L594 Uses java.util.Random which is not cryptographically secure. Impact If an attacker can predict the random delays, they may still be...
On-Chip Semi-Device-Independent Quantum Random Number Generator Exploiting Contextuality
We present a semi-device-independent quantum random number generator QRNG based on the violation of a contextuality inequality, implemented by the integration of two silicon photonic chips. Our system combines a heralded single-photon source with a reconfigurable interferometric mesh to implement...
MiracleLinux 9 : bind-9.16.23-31.el9_6.2 (AXSA:2025-11077:11)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11077:11 advisory. Prevent cache poisoning due to weak PRNG CVE-2025-40780 Address various spoofing attacks CVE-2025-40778 CVE-2025-40778 Under certain circumstances,...
CVE-2025-40916
Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand function for generating the captcha text as well as image noise, which is insecure...
CVE-2025-40915
Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand function...
CVE-2019-11808
Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start time and obtain a session ID value, they can theoretically determine the sequence of session IDs...
CVE-2019-11842
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...
WordPress plugin Clearfy Cache 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
WordPress plugin Booking Calendar 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2019-7860
A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...