264 matches found
CVE-2025-68932 FreshRSS has weak cryptographic randomness in remember-me token and nonce generation
FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...
CVE-2025-68932 FreshRSS has weak cryptographic randomness in remember-me token and nonce generation
FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...
CVE-2025-68932
FreshRSS suffers from weak cryptographic randomness used to generate remember-me tokens and challenge-response nonces prior to version 1.28.0, enabling potential prediction of valid session tokens and persistent session hijacking leading to account takeover. The issue affects versions before 1.28...
PT-2025-53609
Name of the Vulnerable Software and Affected Versions FreshRSS versions prior to 1.28.0 Description FreshRSS utilizes weak random number generators mt rand and uniqid for creating remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session token...
PT-2025-51227
The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings handling functionality in all versions up to, and including, 3.6.1. This is due to the plugin processing POST requests without verifying...
CVE-2025-12535
The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...
CVE-2025-12903
The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaultednonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with...
CVE-2025-12903
The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaultednonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with...
CVE-2025-12903 Payment Plugins Braintree For WooCommerce <= 3.2.78 - Missing Authorization to Payment Token Exposure and Transaction Fraud
The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaultednonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with...
CVE-2025-12903 Payment Plugins Braintree For WooCommerce <= 3.2.78 - Missing Authorization to Payment Token Exposure and Transaction Fraud
The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaultednonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with...
EUVD-2025-119984
The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaultednonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with...
EUVD-2016-1397
Malware in sbrugna...
EUVD-2019-5541
Malware in sbrugna...
EUVD-2014-0168
Malware in sbrugna...
EUVD-2018-0954
Malware in sbrugna...
EUVD-2021-34197
Malicious code in bioql PyPI...
Fedora 42 : perl-Catalyst-Authentication-Credential-HTTP (2025-d72429a1f8)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d72429a1f8 advisory. This update upgrade the package to version 1.019. This version fixes CVE-2025-40920 by using Crypt::SysRandom to generate nonces instead of Data::UUID. Tenab...
Linux Distros Unpatched Vulnerability : CVE-2025-40920
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Data::UUID does not use a stro...
Linux Distros Unpatched Vulnerability : CVE-2019-14317
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL and wolfCrypt 4.1.0 and earlier formerly known as CyaSSL generate biased DSA nonces. This allows a remote attacker to compute the long term private key...
FreeBSD : p5-Catalyst-Authentication-Credential-HTTP -- Insecure source of randomness (c323bab5-80dd-11f0-97c4-40b034429ecf)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c323bab5-80dd-11f0-97c4-40b034429ecf advisory. perl-catalyst project reports: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier fo...