18 matches found

RedhatCVE
added 2026/06/05 7:17 p.m. · 10 views

CVE-2026-6227

The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the block_name parameter of the /wp-json/backwpup/v1/getblock REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive str_replace sanitization of path traversal sequences. This makes it possible for...

CVSS 7.2 · AI score 6.5 · EPSS 0.01312
Exploits: 1 · References: 1

ATTACKERKB
added 2026/04/14 2:25 a.m. · 2 views

CVE-2026-6227

The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the block_name parameter of the /wp-json/backwpup/v1/getblock REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive str_replace sanitization of path traversal sequences. This makes it possible for...

CVSS 7.2 · AI score 6.5 · EPSS 0.01312
Exploits: 1 · References: 7

Cvelist
added 2026/04/14 2:25 a.m. · 33 views

CVE-2026-6227 BackWPup <= 5.6.6 - Authenticated (Administrator+) Local File Inclusion via 'block_name' Parameter

The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the block_name parameter of the /wp-json/backwpup/v1/getblock REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive str_replace sanitization of path traversal sequences. This makes it possible for...

CVSS 7.2 · EPSS 0.01312
Exploits: 1 · References: 6

EUVD
added 2026/04/14 2:25 a.m. · 4 views

EUVD-2026-22201

The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the block_name parameter of the /wp-json/backwpup/v1/getblock REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive str_replace sanitization of path traversal sequences. This makes it possible for...

CVSS 7.2 · AI score 6.5 · EPSS 0.01312
Exploits: 1 · References: 6

CVE
added 2026/04/14 2:25 a.m. · 53 views

CVE-2026-6227

Summary (CVE-2026-6227) The BackWPup WordPress plugin is vulnerable to Local File Inclusion via the REST endpoint /wp-json/backwpup/v1/getblock, using the block_name parameter. All versions up to 5.6.6 are affected due to a non-recursive str_replace() sanitization of path traversal sequences (e.g...

CVSS 7.2 · AI score 6.5 · EPSS 0.01312
Exploits: 1 · References: 6

Vulnrichment
added 2026/04/14 2:25 a.m. · 2 views

CVE-2026-6227 BackWPup <= 5.6.6 - Authenticated (Administrator+) Local File Inclusion via 'block_name' Parameter

The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the block_name parameter of the /wp-json/backwpup/v1/getblock REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive str_replace sanitization of path traversal sequences. This makes it possible for...

CVSS 7.2 · AI score 6.5 · EPSS 0.01312
Exploits: 1 · References: 6

Positive Technologies
added 2026/04/14 12:0 a.m. · 6 views

PT-2026-32589

The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the block_name parameter of the /wp-json/backwpup/v1/getblock REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive str_replace sanitization of path traversal sequences. This makes it possible f...

CVSS 7.2 · AI score 6.5 · EPSS 0.01312
Exploits: 1 · References: 9

BDU FSTEC
added 2025/05/27 12:0 a.m. · 4 views

A vulnerability in the getBlock() function of the Trend Micro Apex Central monitoring and security management tool allows an attacker to execute arbitrary code.

The vulnerability in the getBlock function of the Trend Micro Apex Central security monitoring and management tool stems from a failure to neutralize special elements in output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.5 · AI score 7.6 · EPSS 0.01605
Exploits: 0 · References: 5

Positive Technologies
added 2024/10/03 12:0 a.m. · 5 views

PT-2025-22432 · Trend Micro · Trend Micro Apex Central

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex Central (affected versions not specified). Description: The issue is related to the getBlock function in Trend Micro Apex Central's security monitoring and management tool, which fails to neutralize special elements in its outpu...

CVSS 7.5 · AI score 6.9 · EPSS 0.01605
Exploits: 0 · References: 7

SUSE CVE
added 2023/02/15 4:22 a.m. · 15 views

SUSE CVE-2018-18459

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm...

CVSS 5.5 · AI score 6.8 · EPSS 0.01141
Exploits: 0 · References: 4

CNVD
added 2018/10/22 12:0 a.m. · 4 views

Xpdf 'DCTStream::getBlock' function out-of-bounds read vulnerability

Xpdf is an open source PDF reader developed by Foo Labs, which supports decoding LZW compressed format files and reading encrypted PDF files. The 'DCTStream::getBlock' function in the Stream.cc file of Xpdf 4.00 has an out-of-bounds read vulnerability. A remote attacker can exploit this...

CVSS 5.5 · AI score 6.8 · EPSS 0.01141
Exploits: 0 · References: 1

UbuntuCve
added 2018/10/18 6:29 a.m. · 32 views

CVE-2018-18459

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm...

CVSS 5.5 · AI score 6.1 · EPSS 0.01141
Exploits: 0 · References: 3

NVD
added 2018/10/18 6:29 a.m. · 23 views

CVE-2018-18459

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm...

CVSS 5.5 · AI score 5.3 · EPSS 0.01141
Exploits: 0 · References: 2

Prion
added 2018/10/18 6:29 a.m. · 19 views

Null pointer dereference

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm...

CVSS 4.3 · AI score 5.3 · EPSS 0.01141
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2018/10/18 6:29 a.m. · 4 views

DEBIAN-CVE-2018-18459

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm...

CVSS 5.5 · AI score 6.7 · EPSS 0.01141
Exploits: 0 · References: 1

OSV
added 2018/10/18 6:29 a.m. · 2 views

UBUNTU-CVE-2018-18459

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm...

CVSS 5.5 · AI score 6.1 · EPSS 0.01141
Exploits: 0 · References: 4

Cvelist
added 2018/10/18 6:0 a.m. · 26 views

CVE-2018-18459

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm...

AI score 5.3 · EPSS 0.01141
Exploits: 0 · References: 2

ossfuzz
added 2018/01/14 11:59 p.m. · 14 views

gdal/gdal_sdts_fuzzer: Heap-buffer-overflow in SDTSRasterReader::GetBlock

Project: https://github.com/OSGeo/gdal.git
Detailed report: https://oss-fuzz.com/testcase?key=5052815123677184
Project: gdal
Fuzzer: libFuzzer_gdal_sdts_fuzzer
Fuzz target binary: gdal_sdts_fuzzer
Job Type: libfuzzer_asan_gdal
Platform Id: linux
Crash Type: Heap-buffer-overflow WRITE 4
Crash Address:...

AI score 6.7
Exploits: 0 · Affected Software: 1