294 matches found
Directory Traversal
Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Directory Traversal via the Script View...
Friday Squid Blogging: Squid Fishing in Peru
Peru has increased its squid catch limit. The article says "giant squid," but they can't possibly mean that. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
WordPress Catch Popup plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Catch Popup versions = 1.4.4...
Sandbox Escape
vm2 is vulnerable to Sandbox Escape. The vulnerability is due to incomplete sanitization of Promise callbacks, where globalPromise.prototype.then and catch are not sanitized while localPromise is, this allowing attackers to bypass sandbox restrictions via async function return values and execute...
CVE-2026-22709
vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of...
CVE-2026-22709 vm2 has a Sandbox Escape
vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of...
vm2 has a Sandbox Escape
In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. js const VM = require"vm2"; const code = const error = new Error; error.name = Symbol; const f = async = error.stack...
GHSA-99P7-6V5W-7XG8 vm2 has a Sandbox Escape
In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. js const VM = require"vm2"; const code = const error = new Error; error.name = Symbol; const f = async = error.stack...
PT-2026-4821
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.10.2 Description vm2 is a Node.js library used to create sandboxed environments for executing untrusted code. A flaw exists in versions prior to 3.10.2 where the sanitization of Promise.prototype.then and...
CVE-2022-0440
The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog ie DISALLOWUNFILTEREDHTML, DISALLOWFILEEDIT and DISALLOWFILEMODS...
CVE-2023-25961
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Catch Themes Darcie theme = 1.1.5 versions...
CVE-2025-23619
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Catch Duplicate Switcher catch-duplicate-switcher allows Reflected XSS.This issue affects Catch Duplicate Switcher: from n/a through = 2.0...
CVE-2025-1406
The Newpost Catch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's npc shortcode in all versions up to, and including, 1.3.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2025-13964
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catchlpajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to modify course contents b...
CVE-2025-13964
CVE-2025-13964 : LearnPress – WordPress LMS Plugin (LearnPress) is vulnerable to unauthorized modification of course data due to a missing capability check in catch_lp_ajax, affecting all versions up to 4.3.2. This allows unauthenticated attackers to add/remove/update/reorder sections and section...
CVE-2025-13964 LearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catchlpajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to modify course contents b...
PT-2026-1425
Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin versions up to and including 4.3.2 Description The LearnPress – WordPress LMS Plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the catch l...
SUSE CVE-2025-68186
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not warn in ringbuffermapgetreader when reader catches up The function ringbuffermapgetreader is a bit more strict than the other get reader functions, and except for certain situations the rbgetreaderpage should...
EUVD-2025-203710
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not warn in ringbuffermapgetreader when reader catches up The function ringbuffermapgetreader is a bit more strict than the other get reader functions, and except for certain situations the rbgetreaderpage should...
CVE-2025-68186
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not warn in ringbuffermapgetreader when reader catches up The function ringbuffermapgetreader is a bit more strict than the other get reader functions, and except for certain situations the rbgetreaderpage should...