264 matches found
CVE-2026-9021 Easy Invoice <= 2.1.19 - Unauthenticated Arbitrary Quote Accept/Decline and Invoice Creation via easy_invoice_accept_quote / easy_invoice_decline_quote AJAX Actions
The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...
CVE-2026-14487
The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...
CVE-2026-14487 Simple Coherent Form <= 2.4.13 - Unauthenticated Arbitrary File Deletion via 'id' Parameter
The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...
PT-2026-51670
Name of the Vulnerable Software and Affected Versions Bulk SEO Image versions prior to 1.2 Description The Bulk SEO Image plugin for WordPress is subject to Cross-Site Request Forgery. This occurs because the settings page handler BulkSeoImage lacks proper nonce validation—a security token used t...
JLSEC-2026-622 Predictable WebSocket masking key and handshake nonce in HTTP.jl client
Description The WebSocket client masking key wssendframe! and the Sec-WebSocket-Key handshake nonce wsrandomhandshakekey were generated with randUInt8, n, which draws from the task-local Xoshiro256++ PRNG. Xoshiro is not cryptographically secure: its internal state can be recovered from a short r...
CVE-2026-41000
Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...
CVE-2026-41000 WSS4J validation does not use configured replay cache
Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...
EUVD-2026-36210
Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...
CVE-2026-41000
The CVE-2026-41000 issue affects Spring Web Services where Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. This undermines protections against replay of UsernameToken nonces and creation timestamps, as well as Time...
Replay Attack
Overview Affected versions of this package are vulnerable to Replay Attack due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java not consistently wiring configured Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, replay protections...
PT-2026-47355
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The tpm dev release function uses kfree instead of kfree sensitive to free chip-auth. This structure contains sensitive cryptographic material, including HMAC session keys, nonces, and...
Linux Distros Unpatched Vulnerability : CVE-2026-44581
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces...
EUVD-2026-33248
The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the wordpressloggedin cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...
CVE-2026-2128 Breeze Cache <= 2.5.2 - Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor via Crafted Login Cookie
The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the wordpressloggedin cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...
WordPress plugin Breeze 信息泄露漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Malicious code in ihubinternal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d05496a74a52542f8bf237430ae41377eb71e3710b41abfcc1f7b5cf3642885 The package exports a VelocityAuth function that, when called by integrating applications, sends end-user Solana wallet public keys, signed...
MAL-2026-4584 Malicious code in ihubinternal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d05496a74a52542f8bf237430ae41377eb71e3710b41abfcc1f7b5cf3642885 The package exports a VelocityAuth function that, when called by integrating applications, sends end-user Solana wallet public keys, signed...
CVE-2026-44581
CVE-2026-44581 details a stored XSS in Next.js App Router apps relying on CSP nonces when deployed behind shared caches. Affected versions are 13.4.0–before 15.5.16 and 16.2.5; malformed nonce values derived from request headers could be reflected into rendered HTML, enabling cache-poisoning and ...
CVE-2026-44581 Next.js: Cross-site scripting in App Router applications using CSP nonces
Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derive...
CVE-2026-44581 Next.js: Cross-site scripting in App Router applications using CSP nonces
Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derive...