39 matches found
CVE-2026-32452
Technical details about CVE-2026-32452 are not publicly provided in the supplied documents. The available entries note a missing authorization issue in Fusion Builder
WordPress plugin Fusion Builder security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
Improper Certificate Validation
Overview: Niquests is a simple, yet elegant, HTTP library. It is a drop-in replacement for Requests, which is under feature freeze. Affected versions of this package are vulnerable to Improper Certificate Validation due to missing OCSP response signature verification against the...
CVE-2025-13972
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, and including, 3.16.0. This is due to insufficient path validation in the handle_big_object_download_request function. This makes it possible for...
EUVD-2025-203011
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handle_big_object_download_request function. This makes it possible for...
CVE-2025-13972 WatchTowerHQ <= 3.16.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, and including, 3.16.0. This is due to insufficient path validation in the handle_big_object_download_request function. This makes it possible for...
CVE-2025-13972
WatchTowerHQ (WordPress) CVE-2025-13972: Arbitrary file read via wht_download_big_object_origin in all versions up to 3.15.0 due to insufficient path validation in handle_big_object_download_request. Exploitation requires authenticated Admin access with a valid access token, enabling reading sens...
WordPress plugin WatchTowerHQ path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A path...
PT-2025-50839
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handle_big_object_download_request function. This makes it possible for...
EUVD-2016-7758
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-6873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. CVE-2016-6873 Note that Nessus relies ...
Dell Power Manager security vulnerability
Dell Power Manager is an application from Dell USA that is used to configure battery maintenance practices to maximize the battery life of your system. An authorization issue vulnerability exists in Dell Power Manager version 3.15.0 and prior versions, which arises from containing incorrect...
PT-2024-28536 · Dell · Dell Power Manager
Name of the Vulnerable Software and Affected Versions: Dell Power Manager versions 3.15.0 and prior Description: The issue is related to an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code...
Rocky Linux 8 : protobuf (RLSA-2022:7464)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7464 advisory. - Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name...
Design/Logic Flaw
tinyfiledialogs aka tiny file dialogs before 3.15.0 allows shell metacharacters such as a backquote or a dollar sign in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters...
imgproxy is vulnerable to Server-Side Request Forgery
imgproxy prior to version 3.15.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter...
GHSA-9X7H-GGC3-XG47 imgproxy is vulnerable to Server-Side Request Forgery
imgproxy prior to version 3.15.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter...
GHSA-M69H-4FRQ-VWQ7 Server-side template injection in beetl
An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload...
Beetl security vulnerability
Beetl is a high-speed template engine from the individual developer Li Jiazhi xiandafu in China. A security vulnerability exists in Beetl version v3.15.0, which stems from a problem in the rendering function that allows an attacker to perform server-side template injection (SSTI) via a crafted...