15 matches found
EUVD-2025-31201
Malicious code in bioql PyPI...
CVE-2025-10752
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. This is due to using a predictable state parameter (base64 encoded app name) without any randomness in the OAuth flow. This makes it possible f...
CVE-2025-10752 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Cross-Site Request Forgery
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. This is due to using a predictable state parameter (base64 encoded app name) without any randomness in the OAuth flow. This makes it possible f...
CVE-2025-10752
CVE-2025-10752 affects the OAuth Single Sign On – SSO (OAuth Client) WordPress plugin. The issue is a Cross‑Site Request Forgery (CSRF) in the OAuth flow caused by a predictable state parameter (base64-encoded app name) that is used during authorization requests. This enables unauthenticated atta...
CVE-2025-10752 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Cross-Site Request Forgery
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. This is due to using a predictable state parameter (base64 encoded app name) without any randomness in the OAuth flow. This makes it possible f...
CVE-2024-10141 jsbroks COCO Annotator Session predictable state
A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...
CVE-2024-10141 jsbroks COCO Annotator Session predictable state
A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...
CVE-2021-4277
A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is...
Design/Logic Flaw
A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is...
CVE-2021-4277 fredsmith utils Filename screenshot_sync predictable state
A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is...
CVE-2021-4277 fredsmith utils Filename screenshot_sync predictable state
A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is...
Weidmueller Industrial Ethernet Switches
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Weidmueller Equipment: Industrial Ethernet Switches Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Uncontrolled Resource Consumption, Missing Encryption of Sensitive...
Security Bulletin: Vulnerabilities in the GSKit component of Transformation Extender (CVE-2016-0201, CVE-2015-7421, CVE-2015-7420)
Summary Vulnerabilities have been addressed in the GSKit component of Transformation Extender. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerability t...
Security Bulletin: Vulnerabilities in GSKit affect IBM WebSphere MQ (CVE-2015-7421, CVE-2015-7420)
Summary Vulnerabilities were discovered in GSKit. IBM WebSphere MQ uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-7421 DESCRIPTION: A vulnerability in GSKit could allow a remote attacker to obtain sensitive information. The internal ICC PRNG pool state is...
pycrypto PRNG vulnerabilities
Predictable PRNG state after fork...