
15 matches found

Vulnrichment
added 2026/06/04 11:28 p.m. | 8 views

CVE-2026-10586 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the saveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-level...

CVSS 7.2 | AI score 5.9 | EPSS 0.00213
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/16 2:35 a.m. | 3 views

CVE-2026-41015

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...

CVSS 7.4 | AI score 5.9 | EPSS 0.01156
Exploits: 0 | References: 4

Circl
added 2026/01/03 4:02 a.m. | 4 views

CVE-2025-61321

| creationtimestamp | type | source |
|---|---|---|
| 2026-01-03 04:02:20+00:00 | seen | https://gist.github.com/Professor-mogli/b1d3e5a44cb225ea8ecf5fd51ec149e1... |

AI score 5.8
Exploits: 0 | References: 1

RedHat Linux
added 2025/11/06 4:32 p.m. | 13 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 6.1.3 release and security update

Red Hat JBoss Web Server 6.1.3 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives ...

CVSS 9.8 | AI score 7 | EPSS 0.66535
Exploits: 5 | References: 6

CVE
added 2025/10/22 9:36 p.m. | 19 views

CVE-2025-62708

pypdf (Python PDF library) prior to version 6.1.3 is affected by CVE-2025-62708: an attacker can craft a PDF that triggers large memory usage when parsing a page content stream using the LZWDecode filter. The issue has been fixed in pypdf 6.1.3. This is documented in the CVE entry and corroborate...

CVSS 8.7 | AI score 6.5 | EPSS 0.00402
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/10/22 9:36 p.m. | 4 views

CVE-2025-62708 pypdf manipulated LZWDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...

CVSS 8.7 | AI score 6.5 | EPSS 0.00402
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/22 9:36 p.m. | 3 views

CVE-2025-62707 pypdf affected by possible infinite loop when reading DCT inline images without EOF marker

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in...

CVSS 8.7 | AI score 6.5 | EPSS 0.00402
Exploits: 0 | References: 4

Github Security Blog
added 2025/10/22 7:40 p.m. | 9 views

pypdf possibly loops infinitely when reading DCT inline images without EOF marker

Impact: An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter.
Patches: This has been fixed in pypdf==6.1.3.
Workarounds: If you cannot upgrade yet, consider...

CVSS 8.7 | AI score 6.8 | EPSS 0.00402
Exploits: 0 | References: 6 | Affected Software: 1

CNNVD
added 2025/01/25 12:00 a.m. | 2 views

WordPress plugin ABC Notation cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 | AI score 7.9 | EPSS 0.00292
Exploits: 1 | References: 3

Positive Technologies
added 2024/07/26 12:00 a.m. | 4 views

PT-2024-5531 · Apache · Apache Roller

Name of the Vulnerable Software and Affected Versions: Apache Roller versions 5.0.0 through 6.1.2
Description: The issue is caused by insufficient input validation and sanitation in features such as Profile name & screenname, Bookmark name & description, and blogroll name. This allows an...

CVSS 5.4 | AI score 5.4 | EPSS 0.00709
Exploits: 0 | References: 9

SUSE CVE
added 2023/02/15 4:23 a.m. | 4 views

SUSE CVE-2018-16858

It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script i...

CVSS 8.8 | AI score 7.4 | EPSS 0.67547
Exploits: 10 | References: 8

CNNVD
added 2022/08/25 12:00 a.m. | 3 views

TOTOLINK A3700R buffer error vulnerability

The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK A3700R version V9.1.2u.6134B20201202, which stems from a stack overflow in the command parameter of the setTracerouteCfg method...

CVSS 7.8 | AI score 5.6 | EPSS 0.00327
Exploits: 1 | References: 2

CNNVD
added 2021/04/02 12:00 a.m. | 5 views

Magnolia CMS cross-site scripting vulnerability

Magnolia is a Java-based open source content management system (CMS). A stored cross-site scripting vulnerability exists in the setText parameter of /magnoliaAuthor/.magnolia/ in Magnolia versions 6.1.3 - 6.2.3. No details of the vulnerability are provided at this time...

CVSS 5.4 | AI score 5.1 | EPSS 0.00878
Exploits: 1 | References: 4

OSV
added 2016/07/21 10:12 a.m. | 4 views

CVE-2016-3468

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install...

CVSS 9.8 | AI score 5.8 | EPSS 0.05477
Exploits: 0 | References: 4

OSV
added 2014/04/02 4:17 p.m. | 2 views

UBUNTU-CVE-2014-1299

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1...

CVSS 6.8 | AI score 7.7 | EPSS 0.02132
Exploits: 1 | References: 5