Lucene search

19 matches found

Patchstack
added 2026/04/16 1:57 p.m. | 3 views

WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Abu Hurayra in WordPress Plugin B Blocks versions <= 2.0.31...

5.8 AI score
Exploits 0 | Affected Software 1
Vulnrichment
added 2025/11/21 1:13 a.m. | 1 view

CVE-2025-64755 @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes

Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31...

8.7 CVSS | 6.9 AI score | 0.00114 EPSS
Exploits 0 | References 1
CVE
added 2025/11/21 1:13 a.m. | 8 views

CVE-2025-64755

CVE-2025-64755 affects Claude Code (Anthropic). A parsing error in sed command handling prior to version 2.0.31 allowed bypassing the read-only validation and writing to arbitrary host files (e.g., injection into shell config files). The issue enables potential arbitrary file writes and has been ...

9.8 CVSS | 6.9 AI score | 0.00114 EPSS
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2025/11/21 12:0 a.m. | 1 view

Claude Code Operating System Command Injection Vulnerability

Claude Code is an open source proxy coding tool from Anthropic. An operating system command injection vulnerability exists in versions of Claude Code prior to 2.0.31, which stems from an error in the parsing of the sed command and could lead to arbitrary file writes...

9.8 CVSS | 7.4 AI score | 0.00114 EPSS
Exploits 0 | References 2
Positive Technologies
added 2025/11/21 12:0 a.m. | 4 views

PT-2025-47656

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.0.31 Description Claude Code is an agentic coding tool that had a critical remote code execution issue. Prior to version 2.0.31, an error in sed command parsing allowed bypassing the read-only validation, enabli...

9.8 CVSS | 8.4 AI score | 0.00114 EPSS
Exploits 0 | References 21
Snyk
added 2025/11/20 9:28 p.m. | 5 views

Command Injection

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Command Injection due to improp...

8.8 CVSS | 7.5 AI score | 0.00114 EPSS
Exploits 0 | References 2
CVE
added 2025/10/14 3:23 p.m. | 5 views

CVE-2025-62366

Summary: CVE-2025-62366 affects the Node.js package Mailgen. The vulnerability lies in generatePlaintext in versions up to 2.0.30, where encoded HTML entities are not stripped and are later decoded, producing active HTML in plaintext output. If that plaintext is rendered as HTML, attacker-control...

6.3 CVSS | 6.8 AI score | 0.0013 EPSS
Exploits 0 | References 2
Patchstack
added 2024/08/01 3:16 p.m. | 2 views

WordPress Extensions for Elementor plugin <= 2.0.31 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Extensions for Elementor versions <= 2.0.31...

6.5 CVSS | 6.1 AI score | 0.00199 EPSS
Exploits 0 | Affected Software 1
Positive Technologies
added 2024/08/01 12:0 a.m. | 1 view

PT-2024-28607 · Elementor · Extensions For Elementor

Name of the Vulnerable Software and Affected Versions: Extensions for Elementor versions 2.0.31 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations...

6.5 CVSS | 5.8 AI score | 0.00199 EPSS
Exploits 0 | References 4
Patchstack
added 2024/07/01 12:0 a.m. | 9 views

WordPress Extensions for Elementor Plugin <= 2.0.30 is vulnerable to Cross Site Scripting (XSS)

Software: Extensions for Elementor; Type: Plugin; Vulnerable versions: <= 2.0.30; Fixed in: 2.0.31; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5666; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 66cb64dd9468; Credits: Francesco...

6.4 CVSS | 5.8 AI score | 0.00161 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/03/22 2:15 a.m. | 0 views

CVE-2024-2392

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4 CVSS | 5.9 AI score | 0.00171 EPSS
Exploits 0 | References 2
CNNVD
added 2024/03/22 12:0 a.m. | 1 view

WordPress Plugin Blocksy Companion Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL. WordPress plugin i...

6.5 CVSS | 7.7 AI score | 0.00171 EPSS
Exploits 0 | References 3
Positive Technologies
added 2024/03/21 12:0 a.m. | 2 views

PT-2024-20176 · WordPress · Blocksy Companion

Name of the Vulnerable Software and Affected Versions: Blocksy Companion plugin for WordPress versions up to, and including, 2.0.31 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Newsletter widget due to insufficient input sanitization and output escaping on...

6.5 CVSS | 8 AI score | 0.00171 EPSS
Exploits 0 | References 6
OSV
added 2023/05/05 8:29 p.m. | 8 views

SUSE-FU-2023:2119-1 Feature update for haproxy

This update for haproxy fixes the following issues: Update to version 2.0.31 jscPED-3821: BUG/CRITICAL: http: properly reject empty http header field names CI: github: don't warn on deprecated openssl functions on windows DOC: proxy-protocol: fix wrong byte in provided example DOC: config:...

9.1 CVSS | 8.6 AI score | 0.17535 EPSS
Exploits 0 | References 5
OSV
added 2023/05/05 8:27 p.m. | 9 views

SUSE-FU-2023:2117-1 Feature update for haproxy

This update for haproxy fixes the following issues: Update to version 2.0.31 jscPED-3821: BUG/CRITICAL: http: properly reject empty http header field names CI: github: don't warn on deprecated openssl functions on windows DOC: proxy-protocol: fix wrong byte in provided example DOC: config:...

9.1 CVSS | 8.6 AI score | 0.17535 EPSS
Exploits 0 | References 5
OSV
added 2020/07/15 9:15 p.m. | 1 view

CVE-2020-15779

A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path...

7.5 CVSS | 7.1 AI score
Exploits 0 | References 4
vulnersOsv
added 2020/07/07 7:24 p.m. | 2 views

@best/agent-hub (>=7.0.1 <=16.1.0), best (>=7.0.1 <=16.1.0) potentially affected by CVE-2020-15779 via socket.io-file (=2.0.31)

socket.io-file NPM version =2.0.31 is affected by a known vulnerability. The following packages have a transitive dependency on socket.io-file and may be impacted: - @best/agent-hub =7.0.1, =7.0.1, =16.1.0 Source cves: CVE-2020-15779 Source advisory: OSV:GHSA-9H4G-27M8-QJRG...

7.5 CVSS | 7.1 AI score | 0.0046 EPSS
Exploits 1
Cvelist
added 2018/03/05 11:0 p.m. | 9 views

CVE-2018-7715

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the...

9.6 AI score | 0.00695 EPSS
Exploits 0 | References 1
Packet Storm
added 2008/07/31 12:0 a.m. | 58 views

ScrewTurn-Wiki_08_008.txt

Portcullis Security Advisory 08008 Vulnerable System: ScrewTurn Wiki www.screwturn.eu. Vulnerability Title: Permanent Cross-site Scripting in the "System Log" page. Vulnerability Discovery And Development: Portcullis Security Testing Services. Credit For Discovery: Ferruh Mavituna - Portcullis...

7.4 AI score
Exploits 0