18 matches found
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the AuthorizeDebugRequest function, which handles requests to the HTTP debug endpoints on port 15014. An attacker can gain unauthorized access to protected services by sending requests with multiple header values...
EUVD-2026-10939
Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when policies rely on HTTP headers that may contain multiple values. An attacker could craft requests...
Istio Security Vulnerability
Istio is an open-source platform that connects, manages, and protects microservices. There are security vulnerabilities in versions of Istio prior to 1.29.1, 1.28.5, and 1.27.8. These vulnerabilities stem from defects in the Envoy RBAC header matching mechanism, which may allow authorization...
EUVD-2025-28453
Malicious code in bioql PyPI...
EUVD-2025-24782
Malicious code in bioql PyPI...
CVE-2025-40979
DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users\AppData\Local\Temp' directory, which could lead to...
CVE-2025-40979
CVE-2025-40979 describes a DLL search order hijack in Grandstream Wave’s wave.exe on Windows 11 (v1.27.8). The root cause is improper DLL loading order, allowing a locally attacker-controlled file placed in the user Temp directory (C:\Users\AppData\Local\Temp) to potentially execute arbitrary cod...
CVE-2025-40979 DLL search order hijack in Wave by Grandstream Networks
DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users\AppData\Local\Temp' directory, which could lead to...
PT-2025-37036
Name of the Vulnerable Software and Affected Versions: Windows 11 version 1.27.8
Description: A DLL search order hijacking issue exists in the wave.exe executable. Successful exploitation could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the...
Grandstream Wave Code Issue Vulnerability
Grandstream Wave is a voice software from Grandstream Corporation, USA. A code issue vulnerability exists in Grandstream Wave version 1.27.8, which stems from DLL search order hijacking and could lead to the execution of arbitrary code...
CVE-2025-52712
Path Traversal: '.../...//' vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Path Traversal. This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8...
CVE-2025-52712 WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Path Traversal Vulnerability
Path Traversal: '.../...//' vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Path Traversal. This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8...
CVE-2025-52712
CVE-2025-52712 is a Path Traversal vulnerability in WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor, affecting versions up to 1.27.8. Technical details across sources confirm the issue is a path traversal flaw (root cause: improper handling of file paths) that could enab...
CVE-2025-52712 WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Path Traversal Vulnerability
Path Traversal: '.../...//' vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Path Traversal. This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8...
CVE-2025-52713
Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Server Side Request Forgery. This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8...
CVE-2025-52713
CVE-2025-52713: WordPress plugin “Post and Page Builder by BoldGrid – Visual Drag and Drop Editor” (vulnerable in versions up to 1.27.8) contains a Server-Side Request Forgery (SSRF) flaw. The issue enables the server to be coerced into initiating requests to unintended targets, per the CVE desc...
CVE-2025-52711 WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Cross Site Request Forgery. This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8...
WordPress plugin Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Post and Page Builder by BoldGrid -...