39 matches found
CVE-2026-3454 GenerateBlocks <= 2.2.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Dynamic Tag Replacements
The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint. The endpoint only verifies that...
CVE-2026-3454
CVE-2026-3454 affects the WordPress plugin GenerateBlocks (versions <= 2.2.0). The vulnerability is an Insecure Direct Object Reference in the REST endpoint /wp-json/generateblocks/v1/dynamic-tag-replacements. The endpoint only checks user capability (edit_posts) and does not verify that the ...
WordPress plugin GenerateBlocks security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
5 Best Qualys Replacement Solutions Reviewed
Knowing you have vulnerabilities is one thing; knowing if your defenses can actually stop an attack is another. Traditional vulnerability scanners tell you where the holes are, but they don't tell you if your security controls are configured correctly or if they'll perform under pressure. This is...
EUVD-2012-6251
Malware in sbrugna...
EUVD-2012-2143
Malware in sbrugna...
PT-2025-36092
Name of the Vulnerable Software and Affected Versions: Promptcraft Forge Studio affected versions not specified Description: Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. The software’s input sanitization process, which utilizes regex...
MGASA-2025-0138 Updated haproxy packages fix security vulnerability
BUG/MEDIUM: sample: fix risk of overflow when replacing multiple regex back-refs. Aleandro Prudenzano of Doyensec and Edoardo Geraci of Codean Labs reported a bug in sample_conv_regsub, which can cause replacements of multiple back-references to overflow the temporary trash buffer. The problem happen...
llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced.
...
thunderbird security update
102.15.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 102.15.0-1 - Update to 102.15.0 build1 102.14.0-3 - Bump NVR to rebuild 102.14.0-2 - Rebuild due to rhbz2228948...
CVE-2023-29935
llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced...
LLVM project security vulnerability
LLVM project is a collection of modular, reusable compiler and toolchain technologies open-sourced by LLVM. A security vulnerability exists in LLVM project version a0138390, which stems from an assertion failure in component !replacements.count(op) && operation...
GHSA-WRH9-CJV3-2HPW Sequelize vulnerable to SQL Injection via replacements
Impact: The SQL injection exploit is related to replacements. Here is such an example: In the following query, some parameters are passed through replacements, and some are passed directly through the where option. typescript: User.findAll({ where: or(literal('soundex("firstName") = soundex(:firstName)'),...
CVE-2023-25813
Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fix...
CVE-2023-25813 SQL Injection via replacements in sequelize
Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fix...
SUSE CVE-2007-1885
Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably...
SUSE CVE-2012-2148
An issue exists in the property replacements feature in any descriptor in JBoss AS 7.1.1 ignores Java security policies...