2117 matches found

Cvelist
added 2025/07/08 6:23 p.m., 23 views

CVE-2025-48385 Git allows arbitrary file writes via bundle-uri parameter injection

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to...

CVSS 8.6, EPSS 0.0019
Exploits: 0, References: 1

Vulnrichment
added 2025/07/08 6:23 p.m., 2 views

CVE-2025-48385 Git allows arbitrary file writes via bundle-uri parameter injection

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to...

CVSS 8.6, AI score 7.9, EPSS 0.0019
Exploits: 0, References: 1

Circl
added 2025/07/08 1:19 p.m., 2 views

CVE-2025-27044

| creationtimestamp | type | source |
|---|---|---|
| 2025-07-08 13:19:01+00:00 | seen | https://vulnerability.circl.lu/bundle/13f0850e-798e-4625-b315-667b9d13bc30... |

CVSS 7.8, AI score 4.8, EPSS 0.00068
Exploits: 0, References: 1

Circl
added 2025/07/08 1:19 p.m., 2 views

CVE-2025-21445

| creationtimestamp | type | source |
|---|---|---|
| 2025-07-08 13:19:01+00:00 | seen | https://vulnerability.circl.lu/bundle/13f0850e-798e-4625-b315-667b9d13bc30... |

CVSS 7.8, AI score 5.8, EPSS 0.00068
Exploits: 0, References: 1

Circl
added 2025/07/08 1:19 p.m., 2 views

CVE-2024-53009

| creationtimestamp | type | source |
|---|---|---|
| 2025-07-08 13:19:01+00:00 | seen | https://vulnerability.circl.lu/bundle/13f0850e-798e-4625-b315-667b9d13bc30... |

CVSS 7.8, AI score 5.8, EPSS 0.00065
Exploits: 0, References: 1

Circl
added 2025/07/08 1:19 p.m., 1 view

CVE-2025-21449

| creationtimestamp | type | source |
|---|---|---|
| 2025-07-08 13:19:01+00:00 | seen | https://vulnerability.circl.lu/bundle/13f0850e-798e-4625-b315-667b9d13bc30... |

CVSS 7.5, AI score 4.8, EPSS 0.00351
Exploits: 0, References: 1

Circl
added 2025/07/08 1:19 p.m., 3 views

CVE-2025-27046

| creationtimestamp | type | source |
|---|---|---|
| 2025-07-08 13:19:01+00:00 | seen | https://vulnerability.circl.lu/bundle/13f0850e-798e-4625-b315-667b9d13bc30... |

CVSS 7.8, AI score 4.8, EPSS 0.00068
Exploits: 0, References: 1

Circl
added 2025/07/08 1:19 p.m., 2 views

CVE-2025-21446

| creationtimestamp | type | source |
|---|---|---|
| 2025-07-08 13:19:01+00:00 | seen | https://vulnerability.circl.lu/bundle/13f0850e-798e-4625-b315-667b9d13bc30... |

CVSS 7.5, AI score 4.8, EPSS 0.00454
Exploits: 0, References: 1

Circl
added 2025/06/25 6:06 p.m., 1 view

CVE-2025-52999

| creationtimestamp | type | source |
|---|---|---|
| 2025-06-25 18:06:23+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/19492 |
| 2026-01-21 21:18:16+00:00 | seen | https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875... |

CVSS 8.7, AI score 6.5, EPSS 0.00252
Exploits: 0, References: 2

NVD
added 2025/06/25 3:15 a.m., 5 views

CVE-2025-5585

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-url DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4, EPSS 0.00123
Exploits: 0, References: 2

Vulnrichment
added 2025/06/25 2:22 a.m., 3 views

CVE-2025-5585 SiteOrigin Widgets Bundle <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-url DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4, AI score 5.9, EPSS 0.00123
Exploits: 0, References: 2

Cvelist
added 2025/06/25 2:22 a.m., 4 views

CVE-2025-5585 SiteOrigin Widgets Bundle <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-url DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4, EPSS 0.00123
Exploits: 0, References: 2

CVE
added 2025/06/25 2:22 a.m., 25 views

CVE-2025-5585

The CVE-2025-5585 entry concerns the SiteOrigin Widgets Bundle plugin for WordPress. A Stored Cross-Site Scripting flaw exists in all versions up to 1.68.4 (and discussed variants up to 1.68.5 in related advisories) due to insufficient input sanitization and output escaping, specifically via the ...

CVSS 6.4, AI score 5.9, EPSS 0.00123
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2025/06/25 12:00 a.m., 1 view

WordPress plugin SiteOrigin Widgets Bundle cross-site scripting vulnerability

WordPress SiteOrigin Widgets Bundle is a powerful WordPress plugin that provides a rich set of highly customizable widgets for enhancing the layout and functionality of your website, supporting a wide range of page builders and editors to help users easily create professional and beautiful...

CVSS 6.4, AI score 6.1, EPSS 0.00123
Exploits: 0, References: 3

Positive Technologies
added 2025/06/25 12:00 a.m., 2 views

PT-2025-26806 · WordPress · Siteorigin Widgets Bundle

Name of the Vulnerable Software and Affected Versions: SiteOrigin Widgets Bundle plugin for WordPress versions up to and including 1.68.4 Description: The issue is related to Stored Cross-Site Scripting via the data-url DOM Element Attribute. This occurs due to insufficient input sanitization and...

CVSS 6.4, AI score 5.6, EPSS 0.00123
Exploits: 0, References: 7

Patchstack
added 2025/06/24 9:31 p.m., 4 views

WordPress SiteOrigin Widgets Bundle plugin <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute vulnerability discovered by Asaf Mozes in WordPress Plugin SiteOrigin Widgets Bundle versions <= 1.68.5...

CVSS 6.4, AI score 5.5, EPSS 0.00123
Exploits: 0, References: 1, Affected Software: 1

OSSF Malicious Packages
added 2025/06/23 2:56 p.m., 3 views

Malicious code in bundle-text (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9c8b6161ffd8ada11e31a593266ea01307ba4ea6b7b0dad552cddc706c3beb7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1

RedHat Linux
added 2025/06/16 4:26 p.m., 2 views

wireshark: Uncontrolled Recursion in Wireshark

A flaw was found in Wireshark. Bundle Protocol and CBOR dissector crashes in Wireshark allow denial of service via packet injection or crafted capture file...

CVSS 7.8, AI score 5.7, EPSS 0.0005
Exploits: 0, References: 6

OSV
added 2025/06/01 12:00 a.m., 44 views

ASB-A-373467684

In createIntentsList of PackageParser.java, there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVSS 7.8, AI score 7, EPSS 0.00088
Exploits: 0, References: 2

RedhatCVE
added 2025/05/23 9:39 a.m., 6 views

CVE-2024-1070

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...

CVSS 6.4, AI score 5.9, EPSS 0.00196
Exploits: 0, References: 1