41 matches found
GHSA-434V-X5QV-PMH6 libcrux has All-Zero Key Generation Upon Catastrophic RNG Failure
The libcrux-ed25519 key generation samples Ed25519 secret keys from a provided CSPRNG in a loop for up to 100 attempts until a non-zero key is found. If a non-zero key could not be sampled within 100 attempts the key generation function would silently continue with an all-zero buffer as the secre...
All-Zero Key Generation on Catastrophic RNG Failure
The libcrux-ed25519 key generation samples Ed25519 secret keys from a provided CSPRNG in a loop for up to 100 attempts until a non-zero key is found. If a non-zero key could not be sampled within 100 attempts the key generation function would silently continue with an all-zero buffer as the secre...
WordPress ConvertForce Popup Builder plugin <= 0.0.7 - Stored Cross-Site Scripting via entrance_animation vulnerability
Stored Cross-Site Scripting via entrance_animation vulnerability discovered by WordFence in WordPress Plugin ConvertForce Popup Builder versions <= 0.0.7...
CVE-2025-14506
The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gutenberg block's entrance_animation attribute in all versions up to, and including, 0.0.7. This is due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-14506 ConvertForce Popup Builder <= 0.0.7 - Stored Cross-Site Scripting via entrance_animation
The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gutenberg block's entrance_animation attribute in all versions up to, and including, 0.0.7. This is due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-1744
Name of the Vulnerable Software and Affected Versions: ConvertForce Popup Builder plugin for WordPress versions up to and including 0.0.7. Description: The ConvertForce Popup Builder plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue stems from inadequate input sanitizatio...
EUVD-2025-36570
GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided GitHub token would be stored in plaintext in the editor configuration as JSON on disk, rather than through the more secure "securestorage" ap...
GitHub Workflow Updater security vulnerability
GitHub Workflow Updater is a VS Code extension by individual developer Richard Tweed. A security vulnerability exists in GitHub Workflow Updater versions prior to 0.0.7, which stems from storing GitHub tokens in cleartext, which could lead to token disclosure...
CVE-2025-53677
Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it...
Jenkins plugin Xooa security vulnerability
Jenkins and Jenkins plugin are both open source products from Jenkins. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application plugin. A security...
GHSA-WGC6-9F6W-H8HX Withdrawn Advisory: microlight allows a denial of service
Withdrawn Advisory: This advisory has been withdrawn because the proof of concept does not demonstrate a practical security impact. This link is maintained to preserve external references. Original Description: A denial of service (DoS) vulnerability has been identified in the JavaScript library...
microlight.js security vulnerability
microlight.js is a library by individual developer Dmitry Prokashev for highlighting code in any programming language. A security vulnerability exists in microlight.js version 0.0.7, which stems from an unrestricted handling of content size and could lead to a denial of service...
microlight.js code issue vulnerability
microlight.js is a library by individual developer Dmitry Prokashev for highlighting code in any programming language. A code issue vulnerability exists in microlight.js version 0.0.7, which stems from a null pointer dereference that could cause an application to crash...
CVE-2025-22334
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FilaThemes Education LMS allows Stored XSS. This issue affects Education LMS: from n/a through 0.0.7...
CVE-2025-30857
Cross-Site Request Forgery (CSRF) vulnerability in PressMaximum Currency Switcher for WooCommerce currency-switcher-for-woocommerce allows Stored XSS. This issue affects Currency Switcher for WooCommerce: from n/a through <= 0.0.7...
WordPress Currency Switcher for WooCommerce plugin <= 0.0.7 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Currency Switcher for WooCommerce versions <= 0.0.7...
CVE-2025-30857 WordPress Currency Switcher for WooCommerce plugin <= 0.0.7 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in PressMaximum Currency Switcher for WooCommerce currency-switcher-for-woocommerce allows Stored XSS. This issue affects Currency Switcher for WooCommerce: from n/a through <= 0.0.7...
CVE-2025-23730
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flx0 FLX Dashboard Groups flx-dashboard-groups allows Reflected XSS. This issue affects FLX Dashboard Groups: from n/a through <= 0.0.7...