CVE-2024-13872 Bitdefender Box Insecure Update Mechanism Vulnerability in libboxhermes.so
Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and...
CVE-2024-13872
Bitdefender Box is affected in versions 1.3.11.490–1.3.11.505. The issue arises from downloading assets over HTTP for updates via the /set_temp_token API, enabling an unauthenticated, network-adjacent attacker to perform MITM and return malicious assets. Restarted daemons using those assets can l...
PT-2025-11031 · Bitdefender · Bitdefender Box
Name of the Vulnerable Software and Affected Versions: Bitdefender Box 1 versions 1.3.52.928 and below Description: An improper access control issue exists that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signe...
Bitdefender Box Command Injection Vulnerability
Bitdefender BOX is a smart home security control device from Bitdefender, Romania. A command injection vulnerability exists in Bitdefender Box version 1.3.11.490, which stems from the presence of a command injection in the /check_image_and_trigger_recovery API endpoint, which could lead to remote code...
Bitdefender Box Security Vulnerability
Bitdefender BOX is a smart home security control device from Bitdefender, Romania. A security vulnerability exists in Bitdefender Box version 1.3.52.928 and earlier, which stems from improper access control and could allow an unauthenticated attacker to downgrade the device firmware...
Bitdefender BOX Security Vulnerability
Bitdefender BOX is a smart home security control device from Bitdefender, Romania. A security vulnerability exists in Bitdefender BOX versions 1.3.11.490 through 1.3.11.505, which stems from the use of an insecure HTTP protocol to download assets, which could lead to man-in-the-middle attacks and...
PT-2025-11033 · Bitdefender · Bitdefender Box
Name of the Vulnerable Software and Affected Versions: Bitdefender Box versions 1.3.11.490 through 1.3.11.505 Description: The issue concerns the use of the insecure HTTP protocol to download assets over the Internet for updating and restarting daemons and detection rules on devices. Updates can ...
PT-2025-11032 · Bitdefender · Bitdefender Box
Name of the Vulnerable Software and Affected Versions: Bitdefender Box 1 version 1.3.11.490 Description: A command injection vulnerability exists in the "/check_image_and_trigger_recovery" API endpoint, allowing an unauthenticated, network-adjacent attacker to execute arbitrary commands on the...
WordPress Contact Form 7 Select Box Editor Button plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Contact Form 7 Select Box Editor Button versions <= 0.6...
adversarial-attacks-white-black-box (=0.1.7) potentially affected by CVE-2025-25302 via rembg (=2.0.57)
rembg PYPI version =2.0.57 is affected by a known vulnerability. The following packages have a transitive dependency on rembg and may be impacted: - adversarial-attacks-white-black-box =0.1.7 Source cves: CVE-2025-25302 Source advisory: OSV:GHSA-59QH-FMM7-3G9Q...
adversarial-attacks-white-black-box (=0.1.7) potentially affected by CVE-2025-25301 via rembg (=2.0.57)
rembg PYPI version =2.0.57 is affected by a known vulnerability. The following packages have a transitive dependency on rembg and may be impacted: - adversarial-attacks-white-black-box =0.1.7 Source cves: CVE-2025-25301 Source advisory: OSV:GHSA-R5GX-C49X-H878...
CVE-2025-28902
Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button contact-form-7-select-box-editor-button allows Cross Site Request Forgery. This issue affects Contact Form 7 Select Box Editor Button: from n/a through <= 0.6...
CVE-2025-28902 WordPress Contact Form 7 Select Box Editor Button plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button contact-form-7-select-box-editor-button allows Cross Site Request Forgery. This issue affects Contact Form 7 Select Box Editor Button: from n/a through <= 0.6...
CVE-2025-28902
CVE-2025-28902 is a CSRF vulnerability in the WordPress plugin Contact Form 7 Select Box Editor Button, affecting versions up to 0.6. The connected details confirm a cross-site request forgery flaw in this plugin; no exploitation details or patch/remediation are provided in the sources. The entr...
WordPress plugin Contact Form 7 Select Box Editor Button Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
CVE-2025-25169
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry Authors Autocomplete Meta Box authors-autocomplete-meta-box allows Reflected XSS. This issue affects Authors Autocomplete Meta Box: from n/a through <= 1.2...
CVE-2019-20171
An issue was discovered in GPAC version 0.5.2 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c...
adversarial-attacks-white-black-box (=0.1.7) potentially affected by CVE-2025-25302 via rembg (=2.0.57)
rembg PYPI version =2.0.57 is affected by a known vulnerability. The following packages have a transitive dependency on rembg and may be impacted: - adversarial-attacks-white-black-box =0.1.7 Source cves: CVE-2025-25302 Source advisory: OSV:PYSEC-2025-25...
adversarial-attacks-white-black-box (=0.1.7) potentially affected by CVE-2025-25301 via rembg (=2.0.57)
rembg PYPI version =2.0.57 is affected by a known vulnerability. The following packages have a transitive dependency on rembg and may be impacted: - adversarial-attacks-white-black-box =0.1.7 Source cves: CVE-2025-25301 Source advisory: OSV:PYSEC-2025-24...