Lucene search
+L

264 matches found

Vulnrichment
Vulnrichment
added 2025/12/26 11:43 p.m.4 views

CVE-2025-68932 FreshRSS has weak cryptographic randomness in remember-me token and nonce generation

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...

6.3CVSS6.7AI score0.00498EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/26 11:43 p.m.23 views

CVE-2025-68932 FreshRSS has weak cryptographic randomness in remember-me token and nonce generation

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...

6.3CVSS0.00498EPSS
Exploits1References3
CVE
CVE
added 2025/12/26 11:43 p.m.22 views

CVE-2025-68932

FreshRSS suffers from weak cryptographic randomness used to generate remember-me tokens and challenge-response nonces prior to version 1.28.0, enabling potential prediction of valid session tokens and persistent session hijacking leading to account takeover. The issue affects versions before 1.28...

9.8CVSS6.7AI score0.00498EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.14 views

PT-2025-53609

Name of the Vulnerable Software and Affected Versions FreshRSS versions prior to 1.28.0 Description FreshRSS utilizes weak random number generators mt rand and uniqid for creating remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session token...

9.8CVSS6.9AI score0.00498EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.22 views

PT-2025-51227

The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings handling functionality in all versions up to, and including, 3.6.1. This is due to the plugin processing POST requests without verifying...

5.3CVSS5.3AI score0.00305EPSS
Exploits0References3
NVD
NVD
added 2025/11/19 7:15 a.m.11 views

CVE-2025-12535

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...

5.3CVSS0.00202EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/13 9:8 a.m.7 views

CVE-2025-12903

The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaultednonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with...

7.5CVSS5.3AI score0.00448EPSS
Exploits0References1
NVD
NVD
added 2025/11/12 9:15 a.m.6 views

CVE-2025-12903

The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaultednonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with...

7.5CVSS0.00448EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/11/12 8:28 a.m.11 views

CVE-2025-12903 Payment Plugins Braintree For WooCommerce <= 3.2.78 - Missing Authorization to Payment Token Exposure and Transaction Fraud

The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaultednonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with...

7.5CVSS0.00448EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/11/12 8:28 a.m.4 views

CVE-2025-12903 Payment Plugins Braintree For WooCommerce <= 3.2.78 - Missing Authorization to Payment Token Exposure and Transaction Fraud

The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaultednonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with...

7.5CVSS4.9AI score0.00448EPSS
Exploits0References6
EUVD
EUVD
added 2025/11/12 8:28 a.m.7 views

EUVD-2025-119984

The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaultednonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with...

7.5CVSS5AI score0.00448EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-1397

Malware in sbrugna...

5.9CVSS5.8AI score0.03059EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2019-5541

Malware in sbrugna...

5.3CVSS5.3AI score0.01755EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-0168

Malware in sbrugna...

1.9CVSS6.6AI score0.00942EPSS
Exploits1References68
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-0954

Malware in sbrugna...

5.9CVSS5.8AI score0.01722EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-34197

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.014EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/09/16 12:0 a.m.6 views

Fedora 42 : perl-Catalyst-Authentication-Credential-HTTP (2025-d72429a1f8)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d72429a1f8 advisory. This update upgrade the package to version 1.019. This version fixes CVE-2025-40920 by using Crypt::SysRandom to generate nonces instead of Data::UUID. Tenab...

8.6CVSS5.5AI score0.00412EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/31 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-40920

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Data::UUID does not use a stro...

8.6CVSS5.9AI score0.00412EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2019-14317

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL and wolfCrypt 4.1.0 and earlier formerly known as CyaSSL generate biased DSA nonces. This allows a remote attacker to compute the long term private key...

5.3CVSS5.8AI score0.01755EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.1 views

FreeBSD : p5-Catalyst-Authentication-Credential-HTTP -- Insecure source of randomness (c323bab5-80dd-11f0-97c4-40b034429ecf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c323bab5-80dd-11f0-97c4-40b034429ecf advisory. perl-catalyst project reports: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier fo...

8.6CVSS5.5AI score0.00412EPSS
Exploits0References3
Rows per page
Query Builder