EUVD-2026-22201

The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the blockname parameter of the /wp-json/backwpup/v1/getblock REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive strreplace sanitization of path traversal sequences. This makes it possible for...

CVE-2026-6227 BackWPup <= 5.6.6 - Authenticated (Administrator+) Local File Inclusion via 'block_name' Parameter

The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the blockname parameter of the /wp-json/backwpup/v1/getblock REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive strreplace sanitization of path traversal sequences. This makes it possible for...

CVE-2026-6227 BackWPup <= 5.6.6 - Authenticated (Administrator+) Local File Inclusion via 'block_name' Parameter

The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the blockname parameter of the /wp-json/backwpup/v1/getblock REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive strreplace sanitization of path traversal sequences. This makes it possible for...

CVE-2026-6227

The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the blockname parameter of the /wp-json/backwpup/v1/getblock REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive strreplace sanitization of path traversal sequences. This makes it possible for...

CVE-2026-6227

Summary (CVE-2026-6227) The BackWPup WordPress plugin is vulnerable to Local File Inclusion via the REST endpoint /wp-json/backwpup/v1/getblock, using the block_name parameter. All versions up to 5.6.6 are affected due to a non-recursive str_replace() sanitization of path traversal sequences (e.g...

PT-2026-32589

The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the block name parameter of the /wp-json/backwpup/v1/getblock REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive str replace sanitization of path traversal sequences. This makes it possible f...

PT-2025-22432 · Trend Micro · Trend Micro Apex Central

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex Central affected versions not specified Description: The issue is related to the getBlock function in Trend Micro Apex Central's security monitoring and management tool, which fails to neutralize special elements in its outpu...

SUSE CVE-2018-18459

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted pdf file, as demonstrated by pdftoppm...

Xpdf 'DCTStream::getBlock' function out-of-bounds read vulnerability

Xpdf is an open source PDF reader developed by Foo Labs, which supports decoding LZW compressed format files and reading encrypted PDF files. Xpdf 4.00 version of the Stream.cc file in the 'DCTStream::getBlock' function has an out-of-bounds read vulnerability. A remote attacker can exploit this...

CVE-2018-18459

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted pdf file, as demonstrated by pdftoppm...

Null pointer dereference

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted pdf file, as demonstrated by pdftoppm...

UBUNTU-CVE-2018-18459

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted pdf file, as demonstrated by pdftoppm...

CVE-2018-18459

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted pdf file, as demonstrated by pdftoppm...

DEBIAN-CVE-2018-18459

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted pdf file, as demonstrated by pdftoppm...

CVE-2018-18459

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted pdf file, as demonstrated by pdftoppm...

gdal/gdal_sdts_fuzzer: Heap-buffer-overflow in SDTSRasterReader::GetBlock

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=5052815123677184 Project: gdal Fuzzer: libFuzzergdalsdtsfuzzer Fuzz target binary: gdalsdtsfuzzer Job Type: libfuzzerasangdal Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 4 Crash Address:...