1162 matches found
PT-2026-24182
Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.25.0 Description The layout, render, and include tags are susceptible to arbitrary file access through absolute paths. This can occur when paths are provided as string literals or through Liquid variables,...
PT-2026-24343
Name of the Vulnerable Software and Affected Versions MediaWiki RenderBlocking versions prior to 0.1.1 Description The RenderBlocking extension for MediaWiki allows interface administrators to specify render-blocking CSS and JavaScript. Prior to version 0.1.1, a Stored Cross-Site Scripting XSS...
liquidjs 路径遍历漏洞
LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.0 had a path traversal vulnerability. This vulnerability stems from the layout, render, and include tags allowing access to arbitrary files via absolute...
Google Android Information Disclosure Vulnerability (CNVD-2026-16154)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability. The vulnerability is caused by a possible way to access the GPU cache due to side channel information leakage in drawLayersInternal of SkiaRenderEngine.cp...
CVE-2025-48630
In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-3132
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMAWidgetAdmin::renderpreview'. This is due to missing capability check. This makes it possible for authenticated attackers, with...
📄 WordPress Bricks 1.9.6 Remote Code Execution
Proof of concept exploit for a critical vulnerability in WordPress Bricks Builder plugin version 1.9.6 that allows unauthenticated attackers to execute arbitrary PHP code through the Bricks REST API. The attack targets the renderelement endpoint, injecting malicious instructions in the Query Edit...
Arbitrary Command Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Command Injection via the renderEnvLines process. An attacker can execute arbitrary commands with the privileges of the gateway service user by injecting newline characters and...
WordPress Master Addons for Elementor Premium plugin <= 2.1.3 - Authenticated (Subscriber+) Remote Code Execution via render_preview vulnerability
Authenticated Subscriber+ Remote Code Execution via renderpreview vulnerability discovered by Ren Voza in WordPress Plugin Master Addons for Elementor Premium versions = 2.1.3...
CVE-2025-48630
In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48630
In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-208212
In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48630
PT-2026 entries show CVE-2025-48630 included in upcoming patch previews (Critical/High list) for patch levels described, with March/June 2026 release timing and ongoing patch delivery cadence. No public technical details (root cause, affected product/version, exploit info) are provided in the con...
CVE-2025-48630
In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-3132
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMAWidgetAdmin::renderpreview'. This is due to missing capability check. This makes it possible for authenticated attackers, with...
CVE-2026-3132 Master Addons for Elementor Premium <= 2.1.3 - Authenticated (Subscriber+) Remote Code Execution via render_preview
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMAWidgetAdmin::renderpreview'. This is due to missing capability check. This makes it possible for authenticated attackers, with...
EUVD-2026-9222
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMAWidgetAdmin::renderpreview'. This is due to missing capability check. This makes it possible for authenticated attackers, with...
CVE-2026-3132
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMAWidgetAdmin::renderpreview'. This is due to missing capability check. This makes it possible for authenticated attackers, with...
CVE-2026-3132
The CVE concerns the Master Addons for Elementor Premium plugin for WordPress. All versions up to 2.1.3 are affected by a Remote Code Execution flaw via JLTMA_Widget_Admin::render_preview, caused by a missing capability check. This allows authenticated attackers with Subscriber-level access and a...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component...