19 matches found

NVD
added 2026/05/13 1:1 p.m. · 5 views

CVE-2026-4782

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'custom_svg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5 CVSS · 0.00045 EPSS
Exploits 0 · References 2
EUVD
added 2026/05/13 9:26 a.m. · 12 views

EUVD-2026-29933

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'custom_svg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5 CVSS · 5.9 AI score · 0.00045 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2026/05/13 9:26 a.m. · 3 views

CVE-2026-4782

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'custom_svg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5 CVSS · 5.9 AI score · 0.00045 EPSS
Exploits 0 · References 3
Cvelist
added 2026/05/13 9:26 a.m. · 30 views

CVE-2026-4782 Avada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode Parameter

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'custom_svg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5 CVSS · 0.00045 EPSS
Exploits 0 · References 2
Positive Technologies
added 2026/05/13 12:0 a.m. · 5 views

PT-2026-40583

Name of the Vulnerable Software and Affected Versions: Avada Builder versions prior to 3.15.3. Description: An arbitrary file read issue exists in the Avada Builder plugin for WordPress. Authenticated attackers with Subscriber-level access or higher can read arbitrary files on the server, potentiall...

6.5 CVSS · 5.9 AI score · 0.00045 EPSS
Exploits 0 · References 11
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-0115

Malicious code in bioql PyPI...

5.3 CVSS · 6.3 AI score · 0.00308 EPSS
Exploits 0 · References 8
RedhatCVE
added 2025/05/23 11:59 a.m. · 4 views

CVE-2025-24360

Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...

5.3 CVSS · 7 AI score · 0.00308 EPSS
Exploits 0 · References 1
NVD
added 2025/01/25 1:15 a.m. · 10 views

CVE-2025-24360

Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...

5.3 CVSS · 0.00308 EPSS
Exploits 0 · References 6
Vulnrichment
added 2025/01/25 12:49 a.m. · 7 views

CVE-2025-24360 Opening a malicious website while running a Nuxt dev server could allow read-only access to code

Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...

5.3 CVSS · 5.3 AI score · 0.00308 EPSS
Exploits 0 · References 6
Patchstack
added 2024/04/10 8:36 a.m. · 2 views

WordPress Decode theme <= 3.15.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme Decode (versions <= 3.15.3)...

4.3 CVSS · 7 AI score · 0.00468 EPSS
Exploits 0 · Affected Software 1
Positive Technologies
added 2023/11/06 12:0 a.m. · 2 views

PT-2023-27936 · Calico · Calico Typha +1

Name of the Vulnerable Software and Affected Versions: Calico Typha versions 3.26.2 and below; Calico Typha version 3.25.1; Calico Enterprise Typha versions 3.17.1 and below; Calico Enterprise Typha version 3.16.3; Calico Enterprise Typha version 3.15.3. Description: The issue arises when a client TLS...

7.5 CVSS · 7.2 AI score · 0.00225 EPSS
Exploits 0 · References 9
Veracode
added 2019/05/02 5:0 a.m. · 30 views

Denial Of Service (DoS)

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled...

7.5 CVSS · 7 AI score · 0.03954 EPSS
Exploits 0 · References 18 · Affected Software 3
Veracode
added 2019/05/02 5:0 a.m. · 31 views

Denial Of Service (DoS)

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled...

7.5 CVSS · 7 AI score · 0.03954 EPSS
Exploits 0 · References 29 · Affected Software 3
Tenable Nessus
added 2013/12/14 12:0 a.m. · 30 views

Fedora 20 : nspr-4.10.2-1.fc20 / nss-3.15.3-2.fc20 / nss-softokn-3.15.3-1.fc20 / etc (2013-22756)

This update rebases the nss, nss-util, and nss-softokn packages to nss-3.15.3 and nspr to nspr-4.10.2 in order to address security-relevant bugs that have been resolved in NSS 3.15.3. For further details please refer to the upstream release notes at...

7.5 CVSS · 6 AI score · 0.0279 EPSS
Exploits 0 · References 9
Oracle Linux
added 2013/12/05 12:0 a.m. · 50 views

nss and nspr security, bug fix, and enhancement update

nspr 4.10.2-2 - Fix changelog comments - Resolves: rhbz1032466 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws rhel-5.10 4.10.2-1 - Update to nspr-4.10.2 - Remove an unused patch - Resolves: rhbz1032466 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws rhel-5.10 4.10.0...

7.5 CVSS · 1.5 AI score · 0.03954 EPSS
Exploits 0
OpenVAS
added 2013/11/25 12:0 a.m. · 28 views

Debian Security Advisory DSA 2800-1 (nss - buffer overflow)

Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library nss. With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code. OpenVAS Vulnerability Test $Id: deb2800.nasl 6611 2017-07-07...

7.5 CVSS · 0.4 AI score · 0.0279 EPSS
Exploits 0 · References 1
Prion
added 2013/11/18 5:23 a.m. · 24 views

Design/Logic Flaw

The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access...

5.8 CVSS · 7 AI score · 0.00661 EPSS
Exploits 0 · References 22 · Affected Software 1
CVE
added 2013/11/16 3:0 p.m. · 119 views

CVE-2013-5605

The vulnerability affects Mozilla NSS 3.14 before 3.14.5 and 3.15 before 3.15.3, where invalid handshake packets can cause a denial of service (and possibly other impact). Affected components are NSS libraries; actions: upgrade to NSS 3.14.5 or 3.15.3 (or later) to remediate. Exploitation details...

7.5 CVSS · 6.2 AI score · 0.0279 EPSS
Exploits 0 · References 28 · Affected Software 1
Mozilla
added 2013/11/15 12:0 a.m. · 46 views

Miscellaneous Network Security Services (NSS) vulnerabilities — Mozilla

Mozilla has updated the version of Network Security Services (NSS) library used in Mozilla projects to NSS 3.15.3 with the exception of ESR17-based releases, which have been updated to NSS 3.14.5. This addresses several moderate to critical rated networking security issues...

7.5 CVSS · 3.2 AI score · 0.93163 EPSS
Exploits 0 · References 13 · Affected Software 5