83899 matches found
CVE-2026-0681 Extended Random Number Generator <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings
The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-0681 Extended Random Number Generator <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings
The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-6019
Name of the Vulnerable Software and Affected Versions Extended Random Number Generator versions prior to 1.2 Description The Extended Random Number Generator plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin settings. Insufficient input sanitization and output...
WordPress plugin Extended Random Number Generator 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
WordPress Extended Random Number Generator plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Settings vulnerability discovered by 0x34rth in WordPress Plugin Extended Random Number Generator versions = 1.1...
WordPress plugin Mail Mint 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
EulerOS 2.0 SP13 : bind (EulerOS-SA-2026-1205)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the...
EulerOS 2.0 SP13 : bind (EulerOS-SA-2026-1217)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the...
WordPress Plugin Popup Box: Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-24904
TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tlslistener.rs, TlsListener::listen peeks 1024 bytes and calls extractclientrandom.... If parsetlsplaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...
CVE-2026-24904
TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tlslistener.rs, TlsListener::listen peeks 1024 bytes and calls extractclientrandom.... If parsetlsplaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...
CVE-2026-24904
TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tlslistener.rs, TlsListener::listen peeks 1024 bytes and calls extractclientrandom.... If parsetlsplaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...
CVE-2026-24904 TrustTunnel has `client_random_prefix` rule bypass via fragmented or partial TLS ClientHello
TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tlslistener.rs, TlsListener::listen peeks 1024 bytes and calls extractclientrandom.... If parsetlsplaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...
CVE-2026-24904 TrustTunnel has `client_random_prefix` rule bypass via fragmented or partial TLS ClientHello
TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tlslistener.rs, TlsListener::listen peeks 1024 bytes and calls extractclientrandom.... If parsetlsplaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...
CVE-2026-24904 TrustTunnel has `client_random_prefix` rule bypass via fragmented or partial TLS ClientHello
TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tlslistener.rs, TlsListener::listen peeks 1024 bytes and calls extractclientrandom.... If parsetlsplaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...
CVE-2026-24904
CVE-2026-24904 concerns TrustTunnel, an open‑source VPN protocol. The issue arises prior to version 0.9.115 where a rule-by-prefix bypass could occur: in tls_listener.rs, TlsListener::listen() peeks 1024 bytes and calls extract_client_random(...). If parse_tls_plaintext fails (e.g., fragmented/pa...
EUVD-2026-4949
TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tlslistener.rs, TlsListener::listen peeks 1024 bytes and calls extractclientrandom.... If parsetlsplaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...
Libgcrypt 1.12.0
Libgcrypt is a general-purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers AES, DES, Blowfish, CAST5, Twofish, and Arcfour, hash algorithms MD4, MD5, RIPE-MD160, SHA-1, and TIGER-192, MACs HMAC for all hash...
PT-2026-5356
TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tls listener.rs, TlsListener::listen peeks 1024 bytes and calls extract client random.... If parse tls plaintext fails for example, a fragmented/partial ClientHello split across TCP writes, extrac...
TrustTunnel access control error vulnerability
TrustTunnel is an open-source VPN protocol software developed by TrustTunnel. Versions of TrustTunnel prior to 0.9.115 contained a access control vulnerability, which stemmed from defects in the rule evaluation logic. This vulnerability could cause rules that rely on matching with the...