3785 matches found
CVE-2025-6715
The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...
CVE-2025-6715 Latepoint < 5.1.94 - Unauthenticated LFI
The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...
CVE-2025-6715 Latepoint < 5.1.94 - Unauthenticated LFI
The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...
CVE-2025-6715
The CVE-2025-6715 entry concerns the LatePoint WordPress plugin, affected versions prior to 5.1.94. The vulnerability is Local File Inclusion via the layout parameter, enabling an attacker to include and execute PHP files on the server and thus run arbitrary PHP code. The issue is rooted in insuf...
VulnCheck KEV: CVE-2025-6715
The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...
Drupal Layout Builder Advanced Permissions module < 2.2.1 - Authenticated Broken Access Control vulnerability
Authenticated Broken Access Control vulnerability discovered by Eelke Blok eelkeblok in WordPress Module Layout Builder Advanced Permissions versions 2.2.1...
PT-2025-32966 · WordPress · Latepoint Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: LatePoint WordPress plugin versions prior to 5.1.94 Description: The LatePoint WordPress plugin is susceptible to a Local File Inclusion issue via the layout parameter. This allows attackers to include and execute PHP files on the server,...
Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097
The Layout Builder Advanced Permissions module enables you to have fine grained control over who can do what in editing pages built with Layout Builder. The module doesn't sufficiently control access for adding sections in the submodule. This vulnerability is mitigated by the fact that an attacke...
BIT-LIBPHP-2024-11235 Reference counting in php_request_shutdown causes Use-After-Free
In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...
Malicious code in isotopet4s-layout (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 89341dbe7c72a6b4924313c2697d976b5570b3c9056de1b6ebf35ad41337387d The OpenSSF Package Analysis project identified 'isotopet4s-layout' @...
MAL-2025-6842 Malicious code in isotopet4s-layout (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 89341dbe7c72a6b4924313c2697d976b5570b3c9056de1b6ebf35ad41337387d The OpenSSF Package Analysis project identified 'isotopet4s-layout' @...
Linux Distros Unpatched Vulnerability : CVE-2024-44959
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tracefs: Use generic inode RCU for synchronizing freeing With structure layout randomization...
Linux Distros Unpatched Vulnerability : CVE-2025-38393
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFSLAYOUTDRAIN We found a few different systems hung up in...
Complete Evasion, Zero Modification: PDF Attacks on AI Text Detection
AI-generated text detectors have become essential tools for maintaining content authenticity, yet their robustness against evasion attacks remains questionable. We present PDFuzz, a novel attack that exploits the discrepancy between visual text layout and extraction order in PDF documents. Our...
Microweber has Reflected XSS Vulnerability in the layout Parameter
Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...
Cross-site Scripting (XSS)
Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the layout parameter on the /admin/page/create page. An attacker can execute arbitrary JavaScript in the context of authenticated admin users...
CVE-2025-51502
Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...
Microweber CMS 安全漏洞
Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in Microweber CMS version 2.0, which stems from reflected cross-site scripting in the layout parameter in the /admin/page/create page, which could lead to arbitrary JavaScript execution...
SUSE CVE-2025-38393
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFSLAYOUTDRAIN We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFSLAYOUTDRAIN bit in pnfsupdatelayout, however the pnfslayouthdr's...
CVE-2025-38475
In the Linux kernel, the following vulnerability has been resolved: smc: Fix various oops due to inetsock type confusion. syzbot reported weird splats 01 in cipsov4socksetattr while freeing inetsksk-inetopt. The address was freed multiple times even though it was read-only memory...