18 matches found

NVD
added 2026/04/22 9:16 a.m. | 2 views

CVE-2026-4121

The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler admin/setting.php. The settings form does not include a wp_nonce_field and the form processing code...

CVSS 4.3 | EPSS 0.00007
Exploits 0 | References 7

Vulnrichment
added 2026/04/22 7:45 a.m. | 0 views

CVE-2026-4121 Kcaptcha <= 1.0.1 - Cross-Site Request Forgery to Settings Update

The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler admin/setting.php. The settings form does not include a wp_nonce_field and the form processing code...

CVSS 4.3 | AI score 5.7 | EPSS 0.00007
Exploits 0 | References 7

RedhatCVE
added 2025/12/02 6:3 a.m. | 3 views

CVE-2025-13810

A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing a manipulation results in path traversal. It is possible to initiate the attack remotely. The...

CVSS 7.5 | AI score 6 | EPSS 0.00263
Exploits 1 | References 1

EUVD
added 2025/12/01 6:2 a.m. | 1 views

EUVD-2025-199956

A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing manipulation results in path traversal. It is possible to initiate the attack remotely. The explo...

CVSS 6.9 | AI score 6.2 | EPSS 0.00263
Exploits 1 | References 6

ATTACKERKB
added 2025/12/01 6:2 a.m. | 3 views

CVE-2025-13810

A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing a manipulation results in path traversal. It is possible to initiate the attack remotely. The...

CVSS 7.5 | AI score 5.3 | EPSS 0.00263
Exploits 1 | References 5 | Affected Software 1

CNNVD
added 2025/12/01 12:0 a.m. | 2 views

WebStack-Guns path traversal vulnerability

WebStack-Guns is an open source website navigation project by individual developer Dana Keeling, with a backend based on Guns and Springboot. WebStack-Guns version 1.0 has a path traversal vulnerability, which stems from the function renderPicture of the file KaptchaController.java...

CVSS 7.5 | AI score 5.8 | EPSS 0.00263
Exploits 1 | References 4

Positive Technologies
added 2025/12/01 12:0 a.m. | 3 views

PT-2025-48414

A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing manipulation results in path traversal. It is possible to initiate the attack remotely. The explo...

CVSS 6.9 | AI score 5.5 | EPSS 0.00263
Exploits 1 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-0553

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.00341
Exploits 0 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-29145

Malicious code in bioql PyPI...

CVSS 6.3 | AI score 4.8 | EPSS 0.00075
Exploits 1 | References 6

NVD
added 2025/09/15 4:15 a.m. | 2 views

CVE-2025-10423

A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is considered...

CVSS 6.3 | EPSS 0.00075
Exploits 1 | References 5

CNNVD
added 2025/09/15 12:0 a.m. | 2 views

newbee-mall security vulnerability

newbee-mall is an open source e-commerce system. A security vulnerability exists in version 1.0 of newbee-mall: the function mallKaptcha in the file /common/mall/kaptcha generates guessable CAPTCHAs, which could lead to a remote attack...

CVSS 6.3 | AI score 4.8 | EPSS 0.00075
Exploits 1 | References 5

vulnersOsv
added 2018/10/23 4:8 p.m. | 1 views

cloud.agileframework:agile-security (>=2.1.0.M8 <=2.2.0.M7), cloud.agileframework:spring-boot-starter-kaptcha (>=2.1.0.M8 <=2.2.0.M7) +234 more potentially affected by CVE-2018-18531 via com.github.penggle:kaptcha (=2.3.2)

com.github.penggle:kaptcha MAVEN version =2.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on com.github.penggle:kaptcha and may be impacted: - cloud.agileframework:agile-security =2.1.0.M8, =2.1.0.M8, =1.0.0-2024, =1.0.0-2024, =1.0.0-2024, =1.0.0,...

CVSS 9.8 | AI score 7.3 | EPSS 0.00341
Exploits 0

OSV
added 2018/10/23 4:8 p.m. | 1 views

GHSA-8Q89-PWHH-7WFQ Use of Insufficiently Random Values in penggle:kaptcha

text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random rather than SecureRandom function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictio...

CVSS 9.8 | AI score 5.9 | EPSS 0.00341
Exploits 0 | References 4

CNVD
added 2018/10/23 12:0 a.m. | 3 views

kaptcha access bypass vulnerability

kaptcha is a CAPTCHA generation tool based on SimpleCaptcha. A security vulnerability exists in several files in kaptcha version 2.3.2, which stems from the program's use of the 'Random' function instead of the 'SecureRandom' function to create CAPTCHA values. This vulnerability can be exploited ...

CVSS 9.8 | AI score 9.4 | EPSS 0.00341
Exploits 0 | References 1

Prion
added 2018/10/19 8:29 p.m. | 9 views

Design/Logic Flaw

text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random rather than SecureRandom function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictio...

CVSS 5 | AI score 9.3 | EPSS 0.00341
Exploits 0 | References 1 | Affected Software 1

OSV
added 2018/10/19 8:29 p.m. | 2 views

CVE-2018-18531

text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random rather than SecureRandom function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictio...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 1

CVE
added 2018/10/19 8:0 p.m. | 63 views

CVE-2018-18531

CVE-2018-18531 involves kaptcha 2.3.2, where files text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java use Random instead of SecureRandom to generate CAPTCHA values. This weak randomness can enable remote attackers to brute-forc...

CVSS 9.8 | AI score 9.3 | EPSS 0.00341
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2018/10/19 8:0 p.m. | 12 views

CVE-2018-18531

text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random rather than SecureRandom function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictio...

AI score 9.4 | EPSS 0.00341
Exploits 0 | References 1